Full pharmacovigilance privacy notice
Data Controller (also “we”, us, etc.): Istituto Lusofarmaco d’Italia S.p.A. with registered offices in Strada 6, Edificio L, 20089 Milanofiori Rozzano (MI). The data protection officer (“DPO”) can be reached at the following address: firstname.lastname@example.org
The data you share with us –including health information- (“Data”) is processed by the Data Controller in line with the EU regulation 679/2016 (“Regulation”) to meet the requirements connected to pharmacovigilance prescribed by the applicable laws, which may include re-contacting you to collect additional follow-up information. Once the Data Controller receives the data, the Data Controller is bound to process it to pursue a legal obligation in the field of public health and ensure a high standard of safety and quality of medicinal products (legal basis of the processing in accordance with arts. 6.1(c) and 9.2(j) of the Regulation). We hereby inform you that whenever you disclose personal data of third parties (“third party data”) to us, you warrant you have obtained full clearance for us to process such third party data as described in this document. Specifically, you have duly informed the concerned third parties about the processing and/or obtained their consent to process their data (as required by the applicable law) with the specifications described in this document. You should not disclose to us information that may directly identify the patient, unless otherwise required by the applicable pharmacovigilance rules.
In order to fulfil the above legal obligations, Data shall be retained as long as the relevant product is authorised and for at least 10 years after the marketing authorisation for such product has been discontinued, unless EU law or national law requires longer retention periods. Data are accessible to the European Medicine Agency and to the competent health authorities, also outside the EU (e.g., the US FDA), as required by the applicable laws, to Menarini Group Companies and their staff authorised to process personal data (the list of Menarini Group Companies is available on the website www.menarini.com, or on request); licensors, licencees, distributors; service providers which support the Companies with pharmacovigilance-related obligations and procedures; to other recipients prescribed by the applicable law. The Company may also use the data to establish, exercise or defend legal claims. The full list of recipients is available on request.
Your data may be transferred to non-EU countries, including countries whose laws do not afford the same level of protection to personal data privacy as EU law. Wherever possible, we will ensure that the transferred data is protected by adequate guarantees prescribed by EU privacy laws, i.e. by ensuring the recipients concludes Standard Contractual clauses or enrols in a program for the free movement of data approved by the EU Commission (a copy of the clauses or safeguards is available on request). However, when data must be disclosed to non EU authorities in charge of monitoring the safety of medicinal products, we may not be able to put in place such safeguards. In that case, the non EU authorities in question will process the data in line with the laws applicable in their jurisdiction, which means you may not have the right to access and control the Data disclosed to such authorities you would enjoy under EU law. In any case, please be reassured that disclosure to said non EU authorities –which takes place only insofar as necessary to pursue the internationally recognised public interest to ensure the safety of medicinal products sanctioned by EU and Member State laws- shall happen in line with the principle of data minimisation, and shall, wherever possible, be restricted to data that do not permit to identify you directly.
By addressing a request to the Data Controller or the DPO at the above addresses you may receive the list of recipients of your data and/or exercise the applicable rights afforded by arts. 15-22 of the Regulation, including, by way of example, obtain confirmation about whether we are processing your data, verify their content, origin, exactness, location, obtain a copy, procure that your data are supplemented, updated, rectified, anonymised, supplemented, object to their processing. Lastly, we inform you have the right to lodge a complaint with the Data protection authority.