Privacy Notice in relation to Drug Safety and Drug Quality Surveillance

Privacy Notice in relation to Drug Safety and Drug Quality Surveillance

Last updated: 14 January 2020

 

  1. Background

Tillotts Pharma (“Tillotts”) develops and markets prescription and over-the-counter medicines for human use (“Tillotts Products” or “Products”).

This Privacy Notice (the “Notice”) explains how we process (e.g. collect, use, store, and share) your personal data for the purposes of drug safety and drug quality surveillance, as further outlined in section 3 (the “Purposes”). The scope of this Notice is limited to the collection and processing of your personal data in connection with the Purpose. We will process your personal data only in accordance with this Notice and in line with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the Data Protection Act 2018, and other applicable local laws in your jurisdiction that regulate the processing of personal data (the “Data Protection Laws”).

  1. What categories of personal data do we collect?

We may process the following categories of personal data from you in connection with the Purpose:

Adverse Event Reports

About a patient:

  • Initials;
  • Age and/or date of birth;
  • Gender;
  • Details of the Product causing the adverse event;
  • The reason you have been taking or were prescribed the Product;
  • Details of other medicines or remedies you are taking or were taking at the time of the reaction;
  • The reason you have been taking the other medicines and any subsequent changes in your medicines;
  • Details of the reaction you suffered, the treatment you received for that reaction, and any long-term effects the reaction has caused to your health; and
  • Medical history considered relevant, including documents such as laboratory reports.

About a reporter:

  • Name;
  • Contact details (which may include your address, email address, phone number or fax number); and

Medical Information Inquiries

About a patient:

  • Initials;
  • Age and/or date of birth;
  • Gender;
  • Details of the Product causing the adverse event; and
  • The reason you have been taking or were prescribed the Product;

About a reporter:

  • Name;
  • Contact details (which may include your address, email address, phone number or fax number); and

Product Quality Complaints

About a reporter:

  • Name;
  • Contact details (which may include your address, email address, phone number or fax number);
  • Type of claimant (e.g., are you a patient or HCP); and
  • Details of the Product causing the quality complaint.
  1. Why do we process your personal data?

 

Adverse Event Reports

Any personal data related to adverse events or other activities related to drug safety will be used solely for the detection, assessment, understanding, and prevention of adverse effects or any other Product-related problem. Your personal data will be maintained in our safety database which is regularly analysed for overall patterns. If you are a reporter, your personal data may be processed in connection with follow-up activities.

Medical Information Inquiries

Any personal data related to a medical information inquiry may be used to answer the inquiry, follow up on such requests and maintain the information in our database for reference. Where required by law, we may also report the data to regulatory authorities. 

Quality Complaints

Any personal data related to a Product quality complaint will be used solely for the detection, assessment, understanding, and prevention of the Product quality problem. Your personal data may be processed in connection with follow-up activities.

  1. What is the legal basis for the processing of your personal data?

We process your personal data for the Purposes in order to comply with our legal obligations (Article 6(1)(c) GDPR) and for reasons of public interest in the area of public health (Article 9 (2)(i) GDPR). 

  1. Who do we share your personal data with?

We may share your personal data with:

  • Health authorities;
  • Within the Tillotts Group; and
  • Partner companies that assist us (e.g. distribution partners, service providers, consultants, IT service providers, etc.).

In any report that is shared, only the minimum data required is included, and the names, initials and contact details of patients are always removed to the extent permitted by applicable laws.

  1. Do we transfer your personal data outside the EU/EEA?

Our relevant safety databases are hosted in Switzerland and Germany. However, we may need to transfer your personal data to parties that are based outside of the European Economic Area (“EEA”) in a country for which the European Commission has not decided that it ensures an adequate level of data protection (“Third Country”).

In cases where your personal data is transferred to a Third Country, we will take such measures as are required to ensure the transfer is in compliance with Data Protection Laws. Such measures may include (without limitation) transferring your personal data to a recipient that has achieved binding corporate rules authorisation in accordance with applicable Data Protection Laws, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission. In addition, data transfers to recipients in the USA may be protected by an EU-U.S. / Swiss-U.S. Privacy Shield certification.

  1. How do we ensure the security of your personal data?

We have implemented appropriate state of the art technical and organisational measures to safeguard personal data processed for the purposes of drug safety, including procedures designed to restrict access to personal data to those employees who need it to perform their job.

 

We maintain physical, electronic and procedural measures to safeguard personal data from accidental loss, destruction or damage and unauthorised access, use and disclosure.

Whenever reasonably possible, we process personal data in key coded pseudonymised form.

  1. Which data retention periods apply?

Your personal data will be stored in accordance with applicable laws and kept as long as needed to carry out the Purpose or as otherwise required by applicable laws.

  1. What are your data protection rights?

Under the GDPR and any national data protection law of the EU member states, you have the right to:

  • check whether we hold personal data about you, and if so for what purposes and what kind of personal data we hold about you and to request copies of that data;
  • request rectification or erasure of your personal data that is inaccurate or processed for purposes not stated above;
  • request us to restrict the processing of your personal data;
  • in certain circumstances, object to the processing of your personal data;
  • if data processing is based on consent, you may withdraw your consent at any time, however, without affecting the lawfulness of processing based on consent before its withdrawal;
  • request information on the identities or categories of third parties to which your personal data are transferred; and
  • lodge a complaint with the data protection authority in your country.

Please note, however, that under applicable laws, there may be limits on these rights depending on the specific circumstances of the processing activity. Please note that due to our legal obligations under pharmacovigilance legislation, Tillotts may not be able to erase or restrict processing of your personal data. Contact us as described in Section 10 with questions or requests relating to these rights.

  1. Updates to this Notice

We may update this Notice from time to time in response to changing legal, technical or business developments. We will take appropriate measures to inform when we update our Notice, consistent with the significance of the changes we make.

It is possible to see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.

  1. How to contact us

Any questions or concerns about our use of personal data can be directed to this Email ».