Data Protection Information Notice For Pharmacovigilance Purposes
Natural persons will provide to UAB “Biomapas” (registered office at K. Donelaicio str. 60, Kaunas, Lithuania, legal entity code 135750888 (hereinafter referred to as “Biomapas”)) and/or to Biomapas group affiliate companies or each of Biomapas’ or affiliate companies’ contractors (all together referred to as the “Biomapas Group”), which service Biomapas clients, his/her personal data. The Biomapas and the Biomapas Group will collect, process and use personal data for pharmacovigilance purposes as defined below.
The purpose of this Data Protection Information Notice for Pharmacovigilance Purposes (hereinafter – the “Notice”) is to inform persons and their representatives (when applicable) about data processing purposes, data processing and transfer procedures within and outside the Biomapas Group, and is without prejudice to applicable local data protection/privacy laws which prevail over this Notice. It supplements – but does not replace and is without prejudice to – any specific local notices, policies or procedures that have been distributed to or agreed with relevant persons, if any, or that may be implemented in the future.
This Notice aims to explain how Biomapas, being data processor and acting on behalf of Biomapas clients (controllers purchasing pharmacovigilance services), processes and protects personal data when data subjects:
- reports an adverse event/adverse drug reaction in connection with Biomapas client’s product(s),
- requests information about one or more of Biomapas client’s products, or
- submits other claims or questions connected to pharmacovigilance issues, adverse events/adverse drug reactions or medical issues.
Biomapas will use the information data subjects (or other persons) provide to Biomapas about themselves (or other persons) via any channel (e.g. directly via email or contacting Biomapas through one of Biomapas Group contractors or through Biomapas Group websites) a question or an adverse event / adverse drug reaction notification, or by calling Biomapas in order to take the necessary actions regarding data subject’s request or notification.
This Notice supplements global and local data protection policies, notices or guidance (hereinafter – “Additional Policies“) of Biomapas and/or Biomapas Group, which set out the principles that apply to the use of personal data throughout Biomapas. The lists and examples below are non-exhaustive and may not be fully representative for every data subject addressed by this Notice. Wherever such Additional Policies are in any respect inconsistent with this Notice, this Notice shall only apply to the extent that it is consistent, or may be made consistent, with that Additional Policy.
The Data Protection Officer. The Data Protection Officer contacts: email: email@example.com; address: K. Donelaicio str. 60, Kaunas, Lithuania. Any queries in relation to personal data described in this Notice or enforcement of any of the below data subject’s rights shall be addressed to the Data Protection Officer via email as described in Section 4 of this Notice.
2. COLLECTION, PROCESSING AND USE OF PERSONAL DATA FOR THE PURPOSE OF PHARMACOVIGILANCE
Biomapas (any of Biomapas Group companies) will process the personal data with the following circumstances.
|Purposes of data processing||Legal basis of data processing||What personal data is processed?||Retention period|
Biomapas processes personal data in order to facilitate that all companies of Biomapas Group and Biomapas contractors and, especially, Biomapas clients purchasing pharmacovigilance services:
In order to be able to monitor the safety profile of Biomapas client’s products, Biomapas may:
Biomapas Group clients are obliged by pharmacovigilance legislation to record, process and store information on adverse events / adverse drug reactions and personal data included in such reports, furthermore to submit these reports according to the applicable legal regulations and they contract Biomapas Group companies to act as data processors on behalf of Biomapas Group client(-s) while performing mentioned legal obligations.
Such legal regulations are:
Personal data of the following personal data of listed data subjects might be processed for the pharmacovigilance purposes in accordance with this Notice:
(Based on GVP module VI. C.2.2. and paragraph 2 of Article 12 of Commission Implementing Regulation (EU) No 520/2012 of 19 June 2012 on the performance of pharmacovigilance activities provided for in Regulation (EC) No 726/2004 of the European Parliament and of the Council and Directive 2001/83/EC of the European Parliament and of the Council)
Biomapas may receive information on adverse events / adverse drug reactions from the below sources:
- healthcare processional (e.g. doctors, pharmacists, nurses);
- third person (e.g. patient family member);
- public source (e.g. medical journals);
- other sources.
Healthcare professionals are obliged by law to report adverse drug reaction they receive information on, however to regulatory authorities only. In most of the cases Biomapas will receive personal data from the above sources with direct data sharing, and originally Biomapas does not oblige persons to send Biomapas an adverse event / adverse drug reaction report, in case Biomapas receives any information concerning an adverse event / adverse drug reaction which might be in connection with any of Biomapas Group client’s product(-s), Biomapas will collect information on the case and handles it according to the defined pharmacovigilance procedure following legal acts establishing such obligations to Biomapas Group client. This results that Biomapas Group clients and contracted Biomapas Group companies or Biomapas Group contractors are obliged by law to process personal data as data processors or data subprocessors respectively on behalf of Biomapas Group client, after Biomapas will collect such personal data.
Following orders of Biomapas Group client and in accordance with the provisions of the contract concluded between Biomapas and Biomapas Group client, Biomapas will be always obliged to administer and register the contact details (name and other contact data) of the reporter of adverse event / adverse drug reaction.
Biomapas Group companies and/or Biomapas contractors (if applicable) may receive information addressed directly to Biomapas or Biomapas client itself on adverse events / adverse drug reactions in the below forms, through the below listed channels:
- email communication;
- personal communication;
- phone communication;
- any of Biomapas Group websites, social media;
- medical / scientific publication review;
- postal letter;
- Organized pharmacovigilance data collections systems;
- Eudravigilance database;
- National pharmacovigilance databases.
Terms and conditions for data processing. Personal data may be collected, stored, maintained and transferred, both digitally and in a material medium, by any means such as email and internet connection which are selected considering the nature of the data processed, ensure safe handling and prevent unauthorised access to personal data. During the handling of the reports Biomapas may carry out the following actions:
- Receiving the information on adverse event / adverse drug reaction via e-mail, via websites, via phone calls, via postal letters, via personal information sharing, via public source search.
- Registering and processing the adverse event / adverse drug reaction into Biomapas own, national and international databases, including databases used by Biomapas Group client to which Biomapas provides pharmacovigilance related services.
- Assessing the adverse event / adverse drug reaction (i.e. medical evaluation of the adverse event report).
- Follow up the adverse event (i.e. asking questions in connection with the adverse event if the originally provided or available information is not sufficient for the complex evaluation of the case).
- Transferring and disclosing data on adverse event / adverse drug reaction to recipients listed in Section 3 of this Notice below.
When Biomapas handles (including disclose) personal data, Biomapas always ensure confidentiality of the personal data, apply restricted access to the personal data, impose contractual safeguards on Biomapas Group contractors and partners as well as service providers, operates internal procedures in order to comply with Biomapas data protection obligations, operate sufficient technical and organizational measures to protect the personal data, and ensures the data protection principles, especially the principle of data minimisation and time and purpose limitation.
3. TRANSFER OF PERSONAL DATA
According to the pharmacovigilance legislation Biomapas Group company, Biomapas contractor or/and Biomapas Group client purchasing pharmacovigilance service may share personal data with, depending on the case, Biomapas Group client’s company group, with Biomapas Group and Biomapas contractors (rarely), with regulatory authorities (e.g. PV governmental inspections, submitting the case to EudraVigilance system (centralised European database of suspected adverse reactions to medicines) and/or with commercial partners (e.g. entities Biomapas Group client commercialize pharmaceutical products with; pharmacovigilance service partners, companies offering IT tools for pharmacovigilance service delivery; professional legal advisors)).
Only a limited number of individuals within Biomapas Group companies’ pharmacovigilance, information technology departments as well as certain managers will receive access to personal data processed by Biomapas for pharmacovigilance purposes. Access to personal data is restricted on need-to-know basis.
Whenever third-party service provider (e.g. Biomapas Group company, Biomapas contractor, IT service provider) is engaged by Biomapas in the course of pharmacovigilance service delivery Biomapas will (i) diligently choose such third-party service providers, and (ii) ensure that such third-party service providers adopt adequate technical and organizational security measures to safeguard personal data and use personal data only as instructed by Biomapas and appropriate company of Biomapas Group and for no other purposes.
Due to cross-border nature of pharmacovigilance service, Biomapas may transfer personal data to the mentioned entities residing in the European Economic Area (“EEA”) and rarely outside EEA, including in countries which do not adduce the same level of protection of personal data as in the EEA. Biomapas will only carry out personal data transfers outside the EEA where Biomapas is confident that the level of protection applied to personal data will be similar as if it had remained within the EEA. In such case where personal data is transferred outside the EEA, Biomapas will apply proper protection measures (e.g. Biomapas will apply appropriate internal rules or Standard Contractual Clauses) in order to ensure that personal data is adequately protected against unauthorized processing in such countries.
4. RIGHTS OF DATA SUBJECTS
Each data subject has a right, if applicable, to withdraw any of his/her consents for personal data processing (at any time, without affecting the lawfulness of processing before the consent given for data processing was withdrawn), to know (to be informed) about the processing of his/her personal data, to access personal data held about him/her and obtain a copy of personal data, to have inaccurate personal data corrected or to have personal data erased and to restrict or object processing of personal data for legitimate reasons. Each data subject has the right to data portability and to lodge a complaint with the State Data Protection Inspectorate as well as other competent authority in the country of data subject’s residence.
The Biomapas does not take decision upon automatic processing of data subject and/or its representative’s personal data, including profiling.
Please note, that the above-mentioned rights may be limited. Biomapas Group client (as well as Biomapas, Biomapas Group company and/or Biomapas contractor when acting on client’s behalf) is obliged by law to process pharmacovigilance data. In these cases, Biomapas as well as Biomapas Group clients are not allowed to delete some of personal data processed under this Notice. Of course, to the extent allowed by law Biomapas will suspend processing of and delete pharmacovigilance data.
You can also complain to your local Data Protection Authority if you are unhappy with how we have used your data. Biomapas is located in Lithuania and the contact details of Lithuanian Supervisory Authority are as follows:
State Data Protection Inspectorate, address: L. Sapiegos str. 17, LT-10312 Vilnius, Lithuania, email: firstname.lastname@example.org, website: https://vdai.lrv.lt/en/.
5. ACKNOWLEDGMENT WITH THE NOTICE
It is not an ultimate situation that Biomapas receives information directly from the data subjects (persons who are directly concerned by the adverse event or require product-related medical information). Informing data subjects about their data processing is a privacy principle. Biomapas Group is bound by this obligation even if the personal data is not received directly from the data subject her/himself. However, in some cases Biomapas does not possess enough information about the data subject (including the lack of contact data). In such cases Biomapas is not able to directly contact the data subjects and/or inform them directly, after Biomapas receives an information on them from the reporter.