Privacy notice

(Last updated: 04th October 2019)

Gedeon Richter Plc. (seat: ​1103 Budapest, Gyömrői út 19-21. ; Company Registration Number: Cg. 01-10-040944​;; hereinafter “we”, “us” or “Company”) is committed to protecting the privacy of individuals. This Privacy Notice informs you about the processing of the personal data collected by us from the users, subscribers, visitors (hereinafter collectively “Data Subjects”) of our website’s (hereinafter “Website”) services (hereinafter “Services”). Data Subjects below the age 16 (hereinafter “Minors”) are not eligible to use our services and we ask that minors do not submit any personal data to the Company.

Please read this Privacy Notice in conjunction with our general Terms of Use and Cookie Notice.

We may revise the Privacy Notice at any time by updating this posting and we will obtain your consent to the changes when necessary. You can determine when the Privacy Notice was last revised by referring to the “Last updated” legend at the top of this Privacy Notice.

WHO WILL BE THE DATA CONTROLLER?

The data controller is the Company. Your data will be processed by the Company in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”), and the national laws applicable to this Website.

WHAT IS THE PURPOSE OF DATA PROCESSING?

We handle personal data in order to provide you with our Services per your request. The personal data collected from you as Data Subject will be handled by our employees, kept confidential and used by us for lawful and relevant purposes for providing our services to you.

Purposes of personal data processing and such use of your personal data may be

  1. connected to our Services such as
    1. carrying out your requests submitted through our Website, respond to your inquiries or requests;
  2. the handling of complaints and enforcement of our general Terms of Use, Privacy Notice and Cookie Notice.

We may also process your personal data for purposes previously communicated to you from time to time, as long as such other purposes are directly relating to and compatible with the purposes indicated in this Privacy Notice and Cookie Notice.

WHAT IS THE LEGAL BASIS OF DATA PROCESSING?

Unless otherwise indicated to you in this Privacy Notice, processing of your personal data is voluntary and based on your freely given consent. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Failure to provide the requested personal data may result in us being unable to provide to you our Services. If any of our communications constitute direct marketing (including newsletters) we will separately seek your consent to such communications.

In relation to adverse effect notifications, the legal basis of data processing is our legal requirement to comply with European and national pharmacovigilance laws.

If you enter into a contract with us or subscribe to our Services, we will process your personal data pursuant to Article 6 (1) and (b) of the GDPR to the extent processing is necessary in order to administer the Services you request or in order to take steps at your request prior to entering into a contract with us.

Personal data will also be processed to the extent this is required to pursue our legitimate interests as a data controller (e.g. to protect against and to prevent fraud, to manage our professional relations, to provide information about our products, to handle complaints and enforce our terms and conditions).

WHAT PERSONAL DATA MAY WE COLLECT?

In the course of our activities and for the purposes indicated above, we may process (collect) the following personal data of Data Subjects.

  • Language preferences. This information allows us sending communications to you in languages you understand.

Our Services are not aimed at collecting sensitive personal data from Data Subjects, other than adverse reactions information (health data) for pharmacovigilance purposes.

DO WE USE COOKIES?

Our Website may use cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you are browsing our Website and also allows us to improve our Website.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

For more information regarding the use of cookies on our Website, please read our separate Cookie Notice here (https://www.terrosapatient.com/cookie-notice).

WHERE IS THE INFORMATION STORED AND WHO WILL SEE THE INFORMATION?

Only those authorized persons and departments within the Company will have access to your personal data who have an essential need to know that data for the fulfilment of their activities. We will not disclose any of your personal data to third parties, any external bodies or organizations, except as set out below, or unless you consent to data transfer or the data transfer is required or permitted by law.

We may engage third party vendors as data processors (hereinafter “Data Processor”) to provide services to us, and share your personal data with such third parties as well as with legal and other advisors, consultants that assist us. Nonetheless, in such a case, we always ensure confidentiality of your personal data, for example by concluding a confidentiality and non-disclosure agreement.

Such third party vendor Data Processors we employ are:

1.) Name of Data Processor: Pharmapromo Kft.;

Contact details   Seat: 4026 Debrecen, Csemete utca 20. Website: www.pharmapromo.hu Email: info@pharmapromo.hu Phone: +36 52 781-391
What kind of personal data is processed? No personal data processing are carried out, except cookie usage. Please, find the information on cookies placed on the Website in our Cookie Notice.

HOW LONG WILL PERSONAL DATA BE RETAINED?

We keep personal data for no longer than is necessary for us to fulfil the purposes for which such personal data was processed (collected) unless we are specifically required to process personal data longer by applicable laws.

We will delete and erase personal data if

(i)    you withdraw consent on which the data processing is based and there is no other legal ground for the processing;

(ii)   if you object to the data processing and there are no overriding legitimate grounds for the data processing, or you object to the processing for purposes of direct marketing;

(iii) the personal data have been unlawfully processed; and

(iv) the personal data have to be erased for compliance with a legal obligation to which the Company is subject.

Deletion shall not apply to the extent that processing is necessary for compliance with a legal obligation which requires data processing by the Company or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company (if any); for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims of the Company.

In case of registrations or subscriptions of healthcare professionals with our Website that have not been confirmed, we store the personal data for a period of fifteen (15) days. In case of completed registrations or subscriptions, we store your personal data and maintain your account with us until you withdraw your consent to data processing or you request that we delete your personal data or you unsubscribe from our newsletters or other direct marketing communications.

Unsuccessful job application data will be retained for a period of six (6) months counted from your submission of the application, unless you consent that we may retain your personal data for future applications. Successful job application data will be retained until your employment relationship exists counted from your submission of the application.

WHAT INTERNATIONAL DATA TRANSFERS OCCUR?

Unless we inform you otherwise in this Privacy Notice or in any other communication of ours, we do not transfer your personal data to a country or territory outside the European Economic Area.

HOW DO WE ENSURE DATA INTEGRITY?

All practicable and reasonable steps will be taken to ensure that personal data held by us is accurate. Please, keep your personal data up to date, and to inform us of any changes to such personal data you provide to us.

HOW DO WE PROTECT PERSONAL DATA?

We will take all necessary steps to ensure security of the personal data and to avoid unauthorized or accidental access, collection, use, disclosure, copying, modification, disposal, erasure or other unauthorized use. Please note that electronic transmission of information cannot be entirely secure. We use Secure Sockets Layer (“SSL”) and password encryption in order to protect the security of information that we process. Please note that you have the affirmative duty to keep your password information safe and not to share this data with third persons.

Any information we receive about possible adverse events related to our products, will only be accessible to a restricted number of personnel who are in the need of having access to such data in order to perform their employment duties with such data, and the data are protected by appropriate technical and organizational measures.

WHAT ARE YOUR RIGHTS AND REMEDIES?

You have the right to have incomplete, incorrect inappropriate or outdated personal data deleted or updated, marked or blocked. If you believe any of the personal data we hold about you is incomplete, incorrect or outdated, you can contact us and we will make the necessary corrections within twenty-five (25) days. All practicable and reasonable steps will be taken to ensure that personal data held by us is accurate. We will mark personal data if you dispute its correctness or up-to-date status and such claim cannot be verified beyond doubt. You may request that we delete your personal data, but we may be required by law to keep such information and not delete it (or to block or mark this information for a certain time, in which case we will comply with the deletion request only after having fulfilled such requirements).

You have the right to be informed what personal data is processed about you. We will respond to such request for access to personal data as soon as possible, but within twenty-five (25) days from its submission at the latest. We may request the provision of additional information necessary to confirm your identity. You are also entitled to object to the processing of your personal data if processing or transfer of personal data is necessary solely for the performance of a contractual obligation, necessary for the enforcement of the legitimate interest of ours, a data recipient or any other third person (except if the data processing is compulsory); as well as if permitted by law. Such objection will be investigated by us within fifteen (15) days of filing the objection. If you do not agree with our decision as regards any objection, you are entitled to initiate court proceedings within thirty (30) days after receipt of the decision refusing such objection.

If you consider that your privacy and data protection rights have been infringed, you may contact the relevant data protection authority supervising the activities of the Company, namely the Hungarian National Data Protection and Freedom of Information Agency (Nemzeti Adatvédelmi és Információszabadság Hatóság, H-1024 Budapest, Szilágyi Erzsébet fasor 22/C.; phone: +36-1-391-1400; fax: +36 1 391 1410; email: ugyfelszolgalat@naih.hu)or to the competent data protection regulatory authority located in the European Union’s relevant Member State where your habitual residence, place of work or place of the alleged infringement is.

This Website may contain links to third party websites. These linked websites are not under our control, and are regulated by their own privacy policies. We are not responsible for the privacy practices of any such linked websites.

HOW CAN YOU CONTACT US ABOUT THIS PRIVACY NOTICE?

For more information regarding privacy and data protection inquiries and requests by Data Subjects, please contact the Company’s dedicated channels (postal address: 1475 Budapest Pf.: 27; email:dataprotection@richter.hu).