(Last updated: 29th June 2018)
Gedeon Richter Plc. (seat: 1103 Budapest, Gyömroi út 19-21. ; Company Registration Number: Cg. 01-10-040944;; hereinafter “we”, “us” or “Company”) is committed to protecting the privacy of individuals. This Privacy Notice informs you about the processing of the personal data collected by us from the users, visitors (hereinafter collectively “Data Subjects”) of our website’s (hereinafter “Website”) services (hereinafter “Services”). Data Subjects below the age 16 (hereinafter “Minors”) are not eligible to use our services and we ask that minors do not submit any personal data to the Company.[1]
Please read this Privacy Notice in conjunction with our general Terms of Use and Cookie Notice.
We may revise the Privacy Notice at any time by updating this posting and we will obtain your consent to the changes when necessary. You can determine when the Privacy Notice was last revised by referring to the “Last updated” legend at the top of this Privacy Notice.
WHO WILL BE THE DATA CONTROLLER?
The data controller is the Company. Your data will be processed by the Company in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”), and the national laws applicable to this Website.
WHAT IS THE PURPOSE OF DATA PROCESSING?
We handle personal data in order to provide you with our Services per your request. The personal data collected from you as Data Subject will be handled by our employees, kept confidential and used by us for lawful and relevant purposes for providing our services to you.
Purposes of personal data processing and such use of your personal data may be
a) connected to our Services such as
· carrying out your requests submitted through our Website, respond to your inquiries or requests;
· providing a communication channel for the notification of adverse reactions to us for pharmacovigilance purposes.
b) protect against and prevent fraud, misuse, and providing security of communications at our Website;
c) to provide you with customer support; or
d) the handling of complaints and enforcement of our general Terms of Use, Privacy Notice and Cookie Notice.
We may also process your personal data for purposes previously communicated to you from time to time, as long as such other purposes are directly relating to and compatible with the purposes indicated in this Privacy Notice and Cookie Notice.
WHAT IS THE LEGAL BASIS OF DATA PROCESSING?
Unless otherwise indicated to you in this Privacy Notice, processing of your personal data is voluntary and based on your freely given consent. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Failure to provide the requested personal data may result in us being unable to provide to you our Services. If any of our communications constitute direct marketing (including newsletters) we will separately seek your consent to such communications.
In relation to adverse effect notifications, the legal basis of data processing is our legal requirement to comply with European and national pharmacovigilance laws.
Personal data will also be processed to the extent this is required to pursue our legitimate interests as a data controller (e.g. to protect against and to prevent fraud, to manage our professional relations, to provide information about our products, to handle complaints and enforce our terms and conditions).
WHAT PERSONAL DATA MAY WE COLLECT?
In the course of our activities and for the purposes indicated above, we may process (collect) the following personal data of Data Subjects.
· General usage information. Information that informs us on how you use our Services when you use our Website, including search behaviour and preferences, a record of the searches that you make on our Website and browsing activity (including: IP address, time of visit, visited pages, on-page interactions, limited detail location information, device and software of the user, first-time or repeated visits, traffic source information). We use this information to improve our Services to you, as well as to identify improvement areas of the quality of our Services.
Our Services are not aimed at collecting sensitive personal data from Data Subjects, other than adverse reactions information (health data) for pharmacovigilance purposes.
DO WE USE COOKIES?
Our Website may use cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you are browsing our Website and also allows us to improve our Website.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
For more information regarding the use of cookies on our Website, please read our separate Cookie Notice here (https://educationalmaterial.gedeonrichter.com/cookie-notice).
WHERE IS THE INFORMATION STORED AND WHO WILL SEE THE INFORMATION?
Only those authorized persons and departments within the Company will have access to your personal data who have an essential need to know that data for the fulfilment of their activities. We will not disclose any of your personal data to third parties, any external bodies or organizations, except as set out below, or unless you consent to data transfer or the data transfer is required or permitted by law.
We may engage third party vendors as data processors (hereinafter “Data Processor”) to provide services to us, and share your personal data with such third parties as well as with legal and other advisors, consultants that assist us. Nonetheless, in such a case, we always ensure confidentiality of your personal data, for example by concluding a confidentiality and non-disclosure agreement.
Such third party vendor Data Processors we employ is:
1.) Name of Data Processor: Pharmapromo Kft.;
Contact details
|
Seat: 4026 Debrecen, Csemete utca 20. Website: www.pharmapromo.hu Email: info@pharmapromo.hu Phone: +36 52 781-391 |
What kind of personal data is processed? |
HOW LONG WILL PERSONAL DATA BE RETAINED?
We keep personal data for no longer than is necessary for us to fulfil the purposes for which such personal data was processed (collected) unless we are specifically required to process personal data longer by applicable laws.
We will delete and erase personal data if[2]
(i) you withdraw consent on which the data processing is based and there is no other legal ground for the processing;
(ii) if you object to the data processing and there are no overriding legitimate grounds for the data processing, or you object to the processing for purposes of direct marketing;
(iii) the personal data have been unlawfully processed; and
(iv) the personal data have to be erased for compliance with a legal obligation to which the Company is subject.
Deletion shall not apply to the extent that processing is necessary for compliance with a legal obligation which requires data processing by the Company or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company (if any); for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims of the Company.
WHAT INTERNATIONAL DATA TRANSFERS OCCUR?
Unless we inform you otherwise in this Privacy Notice or in any other communication of ours, we do not transfer your personal data to a country or territory outside the European Economic Area.
HOW DO WE ENSURE DATA INTEGRITY?
All practicable and reasonable steps will be taken to ensure that personal data held by us is accurate. Please, keep your personal data up to date, and to inform us of any changes to such personal data you provide to us.
HOW DO WE PROTECT PERSONAL DATA?
We will take all necessary steps to ensure security of the personal data and to avoid unauthorized or accidental access, collection, use, disclosure, copying, modification, disposal, erasure or other unauthorized use. Please note that electronic transmission of information cannot be entirely secure. We use Secure Sockets Layer (“SSL”) and password encryption in order to protect the security of information that we process.[3] Please note that you have the affirmative duty to keep your password information safe and not to share this data with third persons.
Any information we receive about possible adverse events related to our products, will only be accessible to a restricted number of personnel who are in the need of having access to such data in order to perform their employment duties with such data, and the data are protected by appropriate technical and organizational measures.
WHAT ARE YOUR RIGHTS AND REMEDIES?
You have the right to have incomplete, incorrect inappropriate or outdated personal data deleted or updated, marked or blocked. If you believe any of the personal data we hold about you is incomplete, incorrect or outdated, you can contact us and we will make the necessary corrections within twenty-five (25) days. All practicable and reasonable steps will be taken to ensure that personal data held by us is accurate. We will mark personal data if you dispute its correctness or up-to-date status and such claim cannot be verified beyond doubt. You may request that we delete your personal data, but we may be required by law to keep such information and not delete it (or to block or mark this information for a certain time, in which case we will comply with the deletion request only after having fulfilled such requirements).
You have the right to be informed what personal data is processed about you. We will respond to such request for access to personal data as soon as possible, but within twenty-five (25) days from its submission at the latest. We may request the provision of additional information necessary to confirm your identity. You are also entitled to object to the processing of your personal data if processing or transfer of personal data is necessary solely for the performance of a contractual obligation, necessary for the enforcement of the legitimate interest of ours, a data recipient or any other third person (except if the data processing is compulsory); as well as if permitted by law. Such objection will be investigated by us within fifteen (15) days of filing the objection. If you do not agree with our decision as regards any objection, you are entitled to initiate court proceedings within thirty (30) days after receipt of the decision refusing such objection.
If you consider that your privacy and data protection rights have been infringed, you may contact the relevant data protection authority supervising the activities of the Company, namely the Hungarian National Data Protection and Freedom of Information Agency (Nemzeti Adatvédelmi és Információszabadság Hatóság, H-1024 Budapest, Szilágyi Erzsébet fasor 22/C.; phone: +36-1-391-1400; fax: +36 1 391 1410; email: ugyfelszolgalat@naih.hu) or to the competent data protection regulatory authority located in the European Union’s relevant Member State where your habitual residence, place of work or place of the alleged infringement is.
This Website may contain links to third party websites. These linked websites are not under our control, and are regulated by their own privacy policies. We are not responsible for the privacy practices of any such linked websites.
HOW CAN YOU CONTACT US ABOUT THIS PRIVACY NOTICE?
For more information regarding privacy and data protection inquiries and requests by Data Subjects, please contact the Company’s Legal and Global Operations Management Department on the dedicated channels (postal address: 1475 Budapest Pf.: 27; email:dataprotection@richter.hu).
[1] It is recommended to mention such restriction directly on the Website where users have the possibility to interact and, therefore, submit personal data to the Company.
[2] It is good practice to include as many criteria as possible which would be taken into account to determine the retention period of categories of data. It is recommended to include a table which could display retention periods per each categories of personal data.
[3] These tools and solutions are suggested to use. Please delete if not applicable.
[KÉd1]No personal data processing are carried out, except cookie usage. Please, find the information on cookies placed on the Website in our Cookie Notice.