Pharmacovigilance Data Privacy Notice

 

Controller

Biocodex Oy

Metsänneidonkuja 8, P.O. Box 52, FI-02101 Espoo, Finland

+358 9 329 59100

info@biocodex.fi

(hereafter ”we” or ”Biocodex Oy”)

Contact person for register matters

Data Privacy Coordinator

Metsänneidonkuja 8, P.O Box 52, FI-02101 Espoo, Finland

+358  9 329 59100

dataprivacy@biocodex.fi

Name of register

PHARMACOVIGILANCE DATA REGISTER

What is the legal basis for and purpose of the processing of personal data?

Medicinal products and serious medical devices safety events

The basis for processing personal data in relation medicinal products is the performance of a pharmacovigilance services within Biocodex, which include the performance of contracts and legal requirements.

The purpose of the processing of personal data is;

  • fulfill the contractual obligations
  • to fulfil the legal requirements of collecting personal details in a situation of pharmacovigilance

 

Food supplements and non-serious medical devices safety events

The basis for processing personal data is to fulfil the Biocodex business purpose, e.g. the legitimate interest of the company based on customer relationship or other connection or; the performance of a contract.

The purpose of the processing of personal data is;

  • personal consent
  • fulfill the contractual obligations

What data do we process?

We process the following personal data of the customer or other data subject in connection with the customer register;

  • basic information of the following data subjects
    • reporter name*, contact information*, occupation*;
    • patient name*/initials*, date of birth, gender, medical information*, contact information;
  • contact information of the data subject such as email address, phone number, street address;
  • medical information used medicines, experienced undesirable effects or special situations, medical history details such as illnesses, operations, previous medications etc.
  • we may also collect other possible information such as time and place of incident and other relevant details relating to the incident.

 

Providing the information marked with a star is a prerequisite for our contractual relationship and/or customer relationship. We cannot deliver the product and/or service without the necessary information.

 

From where do we receive information?

We receive data primarily from the following sources e.g.spontaneous reports from health care professionals, consumers and patients, authorities, literature, clinical  and market research studies.

We may also receive personal details internally from our product complaints team and through our medical information queries.

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually.

To whom do we disclose data and do we transfer data outside of EU or EEA?

Data can be disclosed to the applicable Biocodex Pharmacovigilance employees with access limitatons, to the customers of Biocodex Pharmaceutical services in EU, but personal data is encrypted, as agreed in special service agreement / in accordance with legislative requirements.

Data is disclosed to authorities in accordance with legislative requirements or a special request.

 

How do we protect the data and how long do we store them?

We store pharmacovigilance data in paper and electronic format and ensure only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.

 

Medicinal products and serious medical devices safety events

We store personal data as per the legal requirement; in EU 10 years after the expiry date of the medicine’s marketing authorization globally, and in Finland 50 years after the expiry date of the medicine’s marketing authorization.

In the case where we are providing pharmacovigilance services to MAH (marketing authorization holders) we store the information for the duration of the contract. When the service relationship ends, we transfer all personal data  to the MAH partner as specified in the contract.

 

Food supplements and non-serious medical devices safety events

We store the personal data for the duration of the related service contract. When the service relationship ends, we transfer all personal data  to the partner as specified in the contract.

 

We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.

 

What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification of the data, provided that the request has a legal basis.

As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.

For specific personal reasons, you also have the right to object to processing operations, when the processing of your data is based on our customer relationship with you. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.

As a data subject you have the right to object to processing at any time free of charge.

Who can you be in contact with?

All contacts and requests concerning this privacy notice must be submitted in writing or in person to the person mentioned in section two (2).

Changes in the Privacy Notice

Should we make amendments to this privacy notice we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit out webpage and notice possible amendments to this privacy notice. Review these privacy protection principles from time to time to ensure you are aware of any amendments made.