Galderma Nordic AB - Vigilance Privacy Notice
Definitions used in this Privacy Notice
Galderma Vigilance and your privacy
Ensuring your safety is extremely important to Galderma and we take the safe use of all our products seriously. This Privacy Notice describes how we collect and use your personal data to help us fulfil our legal obligations to monitor the safety of all products we market or have in development. This is known as our vigilance obligations. This Privacy Notice also describes how we collect and use your personal data when you contact us with general questions about the use of our products.
Scope of this Privacy Notice
This Privacy Notice applies to information we collect from you by phone, fax, e-mail, post or online as part of the adverse event reporting regulations applicable to Galderma and to the information you submit to us concerning your use of our products. We may also be provided with information about you by a third party reporting an adverse event that affected you. Such third parties may include health care professionals, lawyers, market research agencies, Galderma sales representatives, relatives or other members of the public.
Information we collect and why we collect it
We collect personal data about you when you, or a third party, provide us with information about you in relation to your use of our products or an adverse event that affected you. Where you are reporting the adverse event yourself, please also refer to the Reporters section below.
Vigilance laws require us to take “detailed records” of every adverse event passed to us, which allow the event to be evaluated and collated with other adverse events recorded about that product. The personal data that we may collect about you when you are the subject of an adverse event report, to the extent you provide such data, is:
- name or initials;
- age and date of birth;
- weight and height;
- internal reference number;
- details of the product causing the event, including the dosage and duration you have been taking or were prescribed, the reason you have been using the product and any subsequent change to your regimen;
- details of other medicines or remedies you are taking or were taking at the time of the event, including the dosage you have been taking or were prescribed, the period of time you were taking that medicine, the reason you have been taking that medicine and any subsequent change to your regimen;
- details of the adverse event you suffered, the treatment you received for that event, and any long-term effects the event has caused to your health; and
- other medical history considered relevant by the reporter, including documents such as lab reports, medication histories and patient histories.
Some of this information is considered by law to be “sensitive personal data” about you. This includes any of the following categories of personal data:
- health data;
- ethnicity or race;
This information is only intentionally processed where relevant and necessary to document properly the event that occurred to you and for the purpose of meeting our vigilance requirements. These requirements exist to allow us and competent vigilance authorities to diagnose, manage and prevent such adverse events from occurring in the future. We may incidentally collect your sensitive personal data if you volunteer it to us.
If you report an adverse event to us, either concerning yourself or a third-party, we are required to collect your personal data to ensure that adverse events are traceable and available for follow-up. As a result, we must keep sufficient information about reporters to allow us to contact you once we have received the report. The personal data that we may collect about you when you report an adverse event is your:
- contact details (which may include your address, e-mail address, phone number or fax number);
- profession (this information may determine the questions you are asked about an adverse event, depending on your assumed level of medical knowledge); and
- relationship with the subject of the report.
Where you are also the subject of a report, this information may be combined with the information you provide in relation to the event that occurred to you.
How we use and share your information
As part of meeting our vigilance obligations, we share your information with our offices in Switzerland, France and Sweden to meet our legal requirements to review patterns across every country where we market our products. In particular, we may use and share your information:
A) For purposes which are required by law:
- to investigate the adverse event;
- to collate the information about the adverse event with information about other adverse events received by Galderma to analyse the safety of a batch, Galderma product or active ingredient as a whole; and
- to provide mandatory reports to national authorities or other public authorities so that they can analyse the safety of a batch, Galderma product, generic or active ingredient as a whole alongside reports from other sources.
B) Where you give your consent:
- to contact you for further information about the adverse event you have reported; and
- to respond to any questions you may have concerning your use of our products.
C) Where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests are:
- to analyse and improve our products; and
- to review and monitor the quality of our customer service.
We also use and share your personal data in the course of responding to any questions or concerns you may have concerning your use of our products, such as if you enquire about what to do if you did not adhere to the product's dosage requirements.
In addition, we share your personal data with service providers. These are external companies that we use to help us run our vigilance activities. Service providers, and their selected staff, are only allowed to access and use your personal data on our behalf for the specific tasks that they have been requested to carry out, based on our instructions, and are required to keep your personal data confidential and secure.
Personal data collected from you may also be transferred to a third party in the event that one of our products is sold, assigned or transferred, in which case we would require the buyer, assignee or transferee to treat that personal data in accordance with data protection laws.
We share information with national and European authorities in accordance with pharmacovigilance laws or industry codes.
The storage as well as the processing of your personal data as described above may require that your personal data are ultimately transferred/transmitted to, and/or stored at, a destination outside of your country of residence. When we share your personal data with an entity located outside of the European Economic Area (“EEA”) (e.g. other Nestlé Skin Health / Galderma entities or service providers), including to countries which have different data protection standards to those which apply in the EEA, we will put in place, in line with applicable legal requirements, appropriate safeguards to ensure that your personal data gets the same protection as it does here in the European Economic Area. These measures may include (i) entering into European Commission approved standard contractual clauses to protect your Personal Data (and you have a right to ask us for a copy of these clauses by contacting us as set out below) and/or (ii) will rely on your consent (where permitted by law).
How we store information
Because patient safety is so important, we retain all the information we gather about you as a result of an adverse event report or a query regarding a Galderma product to ensure that we can properly assess the safety of our products over time. To protect your privacy, when processing and transferring the data, we put in place measures to reduce the ability of the data to be linked back to you by pseudonymizing the data.
We retain vigilance reports for the retention periods required by law. Where we are not required by law to retain your personal data, we will keep your data only for as long as we need to it respond to any follow up questions you may have or to analyse and improve our products, after which we take steps to remove personal data from our systems.
Your rights in relation to your data
You may ask Galderma for a copy of your personal data, to correct it, erase or restrict its processing, or to ask us to transfer some of this information to other organisations. You may also have rights to object to some processing and, where we have asked for your consent to process your data, to withdraw this consent. These rights may be limited where we can demonstrate that we are unable to comply with your request. For example, for legal reasons we cannot delete information that has been collected as part of an adverse event report, unless it is inaccurate.
Where we require personal data to comply with legal obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to meet our reporting obligations. In all other cases, provision of requested personal data is optional.
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, please contact our Group Data Protection Officer at [email protected] If you have unresolved concerns you also have the right to complain to data protection authorities.
Your data are submitted to Galderma Nordic AB, and in addition to be being stored in databases in Galderma Nordic AB are hosted and stored in databases on servers situated in Switzerland, which are owned and maintained by Galderma S.A., a Swiss limited liability company whose principal place of business is at:
Avenue Gratta-Paille 2 CH - 1018 Lausanne Switzerland If, at any time, you have questions or concerns about this Privacy Notice, please contact us at [email protected] Notice effective [2018-10-08]