1.       BACKGROUND

Gedeon Richter Plc. (seat: 1103 Budapest Gyömrői út 19-21.; Company Registration Number: 01-10-040944;) (hereinafter referred to as "Richter" or "we" or "us") as data controller is firmly committed to respecting your data protection and privacy rights and protecting your personal data. Therefore, this Privacy Notice aims to explain how we process and protect your personal data when

• you report an adverse event/adverse drug reaction in connection with our product(s),
• you request information about one or more of our products, or
• you submit other claims or questions connected to pharmacovigilance issues, adverse events/adverse drug reactions or medical issues.

• We will use the information you (or other person) provided for us about yourself or connected to you, by sending us via any channel (e.g. direct email or contacting us through one of our partners or through our websites) a question or an adverse event / adverse drug reaction notification, or by calling us in order to take the necessary actions regarding your request or notification.
  
  This may include the processing of personal information relating to you as an identified or identifiable natural person (i.e. personal data) which is subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("General Data Protection Regulation" or "GDPR"), and furthermore the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information. Under the GDPR, you as data subject has the right to submit any question or complaint you may have to Richter (as data controller) or a complaint against Richter to the data protection supervisory authority of your habitual residence. In Hungary, this data protection supervisory authority is the National Authority for Data Protection and Freedom of Information (seat: 1024 Budapest, Szilágyi Erzsébet fasor 22/C; website: www.naih.hu; phone: +36 1 391 1400; fax: +36 1 391 1410; email address: ugyfelszolgalat@naih.hu). We recommend to contact Richter as data controller first if you have any questions or complaints before submitting a query to the authority regarding the handling of your personal data by sending an email to the email address dataprotection-(at)-richter.hu or a postal letter to Richter's Legal and Global Operations Management Department (postal address: 1475 Budapest Pf.: 27 ).
  
   

2.       CONTACT DETAILS OF THE DATA CONTROLLER AND ITS DATA PROTECTION OFFICER

2.1.    DATA CONTROLLER
Name: Gedeon Richter Plc.
Seat: H-1103 Budapest, Gyömrői út 19-21., Hungary
Company registration number: 01-10-040944
Tax number: 10484878-2-44
Website: https://www.gedeonrichter.com

Managing Director: Mr. Gábor Orbán

2.2.    DATA PROTECTION OFFICER
Email address: dataprotection-(at)-richter.hu
Postal address: 1475 Budapest Pf.: 27

 

3.       DETAILS ON THE DATA PROCESSOR

1. Name: ArisGlobal Limited
   Seat: 16A, Lincoln Place, Dublin 2, Ireland
   Website: https://www.arisglobal.com/
   Data processing activities of the data processor: ArisGlobal provides a drug safety database which helps us to record, monitor and follow-up adverse events/adverse drug reactions, and allows us to forward the reports to the regulatory authority to fulfil our legal obligations.
    
2. Name: Bioclinica Safety and Regulatory Solutions 
   Seat: 120P – 122P, Belagola Industrial Area K.R.S. Road, Metagalli, Mysore – 570 016
   Website: https://www.bioclinica.com/
   Data processing activities of the data processor: Bioclinica performs case processing activities in the Arisg safety database.
   
   

4.       DEFINITIONS
"Adverse event" means any untoward medical occurrence in a patient or clinical trial subject administered a medicinal product and which does not necessarily have a causal relationship with this treatment.
"Adverse drug reaction" means a response to a medicinal product which is noxious and unintended. A causal relationship between a medicinal product and an occurrence is suspected.
"Data controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
"Data processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

"EudraVigilance" means a centralised European database of suspected adverse reactions to medicines that are authorised or being studied in clinical trials in the European Economic Area (EEA).

"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

"Medical Information Service" means an organizational unit within Richter which provides information to customers, healthcare professionals and/or the members of the public on the products marketed by Richter.

"Pharmacovigilance" a compound word derived from pharmakon (Greek for drug) and vigilare (Latin for to keep watch) that means guarding against the adverse effects of pharmaceutical products. Guarding means ensuring the safe use of drugs, assessing their efficacy and monitoring new and known side effects. The term pharmacovigilance includes any activity carried out in order to ensure the safe use of drugs. According to the World Health Organisation (WHO) definition published in 2002, pharmacovigilance "is defined as the science and activities relating to the detection, assessment, understanding and prevention of adverse effects or any other drug-related problems."

"Personal data" means any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

5.       HOW SHOULD THE DATA SUBJECT BE INFORMED ABOUT THIS PRIVACY NOTICE?

As we describe the possible sources of information in Point 6.2 below, it is not an ultimate situation that we receive information directly from the data subjects (persons who are directly concerned by the adverse event or require product-related medical information).

Informing data subjects about the data processing is a privacy principle. We are bound by this obligation even if the personal data is not received directly from the data subject her/himself. However, in some cases we do not possess enough information about the data subject (including the lack of contact data). In such cases we are not able to directly contact the data subjects and inform them directly, after we receive an information on them from the reporter.

For cases, when the source of information (i.e. reporter) is not the data subject her/himself, we suggest and encourage the reporter to inform the data subject (directly affected person) about the existence and availability of this Privacy Notice. It is desirable to share the URL link to this Privacy Notice, or at least refer to the content and/or the environment where the Privacy Notice can be found.

6.       PHARMACOVIGILANCE

6.1. WHAT ARE THE CIRCUMSTANCES OF THE PERSONAL DATA PROCESSING?

We will process the personal data with the following circumstances.

6.2. WHAT/WHO IS THE SOURCE OF THE ADVERSE EVENT / ADVERSE DRUG REACTION INFORMATION?

Richter may receive information on adverse events / adverse drug reactions from the below sources:

• patient;
• healthcare processional (e.g. doctors, pharmacists, nurses, vets, dentists, opticians, chiropodists, midwives, laboratory directors, bio-medical operatives, physiotherapists, nutritionists);
• third person (e.g. family member of the patient, attorney-at-law, colleague);
• public source (e.g. professional articles);
• other source.
  
  However, in most of the cases we will receive personal data from the above sources with direct data sharing, and originally we do not oblige persons to send us an adverse event / adverse drug reaction report, in case we receive any information concerning an adverse event / adverse drug reaction which might be in connection with any of our products, we are obliged by law to collect information on the case and handle it according to the defined pharmacovigilance procedure. This results that we are obliged by law to process personal data, after we will be familiar with such data.
  
  Please note that healthcare professionals are obliged by law to report about adverse drug reaction they receive information on.
  
  Please also note that we are always obliged to administer and register the contact details (name and other contact data) of the reporter of adverse event / adverse drug reaction.
  
   

6.3. FORMS OF RECEIVING INFORMATION

Richter may receive information addressed directly to Richter on adverse events / adverse drug reactions in the below forms, through the below listed channels:

• Electronic - written / postal - written / personal - oral
• email communication;
• personal communication;
• phone communication;
• Richter's websites, social media;
• postal letter.
  
  

6.4. WHAT DO WE DO WITH THE INFORMATION ON ADVERSE EVENT / ADVERSE DRUG REACTION?

The pharmacovigilance reporting procedure is strictly regulated by the European Union and national legal regulations. During the handling of the reports we may carry out the following actions:

• Receiving the information on adverse event / adverse drug reaction via e-mail, via websites, via phone calls, via postal letters, via personal information sharing, via public source search.
• Registering and processing the adverse event / adverse drug reaction into our own, national and international databases.
• Assessing the adverse event / adverse drug reaction (i.e. medical evaluation of the adverse event report).
• Follow up the adverse event. (I.e. asking questions in connection with the adverse event if the originally provided or available information is not sufficient for the complex evaluation of the case.)
• Transferring and disclosing data on adverse event / adverse drug reaction to recipients listed in Point 6.5 below.
  
   

6.5. DO WE DISCLOSE OR TRANSFER YOUR PERSONAL DATA?

According to the pharmacovigilance legislation Richter may share personal data in connection with pharmacovigilance information

• with entities (affiliates and representative offices) within Richter group;
• with regulatory authorities, national health authorities, including submitting the case into EudraVigilance system (however transferring personal data to EudraVigilance system is very rare since anonym data are sufficient);
• with Richter's service providers who are part of Richter's pharmacovigilance system and processes. We provide appropriate safeguards and guaranties for the data transfers (including data transfers to service providers established in third countries)
• with commercial partners (with whom we commercialize the same pharmaceutical products in different countries based on commercial agreements).
  
   

7.       MEDICAL INFORMATION SERVICE

7.1.    WHAT ARE THE CIRCUMSTANCES OF THE PERSONAL DATA PROCESSING?

We will process the personal data with the following circumstances, unless the question/request concerns Pharmacovigilance related issues because in such case, Section 6 shall apply.

7.2.    WHAT/WHO IS THE SOURCE OF THE MEDICAL INFORMATION REQUEST/QUESTIONS?

Richter may receive medical information, medical enquiry from the below sources.

• patient;
• healthcare processional (e.g. doctors, pharmacists, nurses, vets, dentists, opticians, chiropodists, midwives, laboratory directors, bio-medical operatives, physiotherapists, nutritionists);
• third person (e.g. family member of the patient, attorney-at-law, colleague).