The controller of your personal data is Servier Pharma, d.o.o., Podmilščakova ulica 24, 1000 Ljubljana, a company registration number: 1646737000 (hereinafter referred to as the “Controller”). The data protection officer of the controller is Mr Fabrice Barbu.
1. What data do we collect?
We may collect some or all of the following personal data from users of Our Site:
- Data that you give to us through your use of the Contact space of Our Site: first name, last name, email address, telephone number, postal address.
- Data that we collect automatically for statistical purposes using cookies: pages visited, dates and times of access, preferred content, operating system, type of browser used, type of hardware used, etc. It must be noted that our statistics cookies do not allow the personal identification of a natural person.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR), personal data means any information that can identify you directly or indirectly (hereinafter referred to as “Individual”).
2. How do we use your data?
Under the GDPR, our use of your personal data must always have a lawful basis. The data controller processes the above-mentioned types of data on different grounds. These grounds may be the individual’s consent, a contractual relationship, the controller’s legal obligations or the controller’s legitimate interest.
Your data may be used for the following purposes:
- To produce statistical analyses, particularly of Site traffic.
- To manage and improve the Site for optimal User browsing.
- To respond to requests or questions by Users and to provide them with technical assistance, if needed.
- To monitor requests made about our products or services.
- To process pharmacovigilance case reports regarding our products or services (i.e. reports about safety of our products).
- To process reports on suspected falsified products.
- To process quality complaints about our products/services.
- To comply with the legal and regulatory obligations applicable to controller.
We do not further process the data in a manner that is incompatible with the purposes described above.
3. What are your rights?
You have the right to request access to personal data and the rectification or erasure of personal data or the restriction of data processing in relation to data concerning yourself. You also have the right to object to processing and to data transfer.
When processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing carried out on the basis of your consent up to the time of withdrawal.
You can exercise your claims or rights with the controller:
- by email, at the following address: email@example.com
- or by mail, at the following address: Servier Pharma d.o.o., Podmilščakova ulica 24, 1000 Ljubljana.
If you have any reason to complain about the use of your personal data, you have the right to lodge a complaint with the competent data protection authority in your country. In the Republic of Slovenia, this is the Information Commissioner (Information Commissioner, Dunajska cesta 22, 1000 Ljubljana, tel. 01 230 97 30, e-mail: firstname.lastname@example.org).
4. How long do we keep your personal data?
Your personal data collected by SERVIER are kept in a form that permits your identification for no longer than is necessary for the purposes for which the personal data are processed. More specifically:
- Personal data collected for audience measurement purposes are kept for 6 months;
- Personal data collected for research activities are kept in the information systems of the data controller, participating centre or healthcare professional taking part in the research until the study product is marketed or until 2 years following the last publication of the study results or, in the absence of publication, until the signature of the final study report. The data are then archived in paper or electronic form for a period in accordance with applicable laws and regulations;
- Personal data collected for pharmacovigilance activities are kept for 10 years after the relevant marketing authorisation has ceased to exist; the data are then deleted or archived in an anonymised form, unless otherwise envisaged by mandatory local regulations;
- Personal data collected for the management of medical information are kept for 10 years after your request;
- Personal data collected for scientific medical liaison with healthcare professionals are kept for 5 years after your last interaction with SERVIER, then are archived for 5 years and deleted;
- Personal data collected for managing relationships with healthcare professionals in connection with clinical trials are kept until the study product is marketed or until the final study report or until the publication of the study results. They are then archived in paper or electronic form for a period in accordance with applicable laws and regulations;
- Personal data collected for communication and relationship management and promotional activities (contacts with healthcare professionals) are kept for 5 years after your last interaction with SERVIER, then archived for 5 years and deleted;
- Personal data collected for transparency management are kept, archived and destroyed in accordance with applicable laws and regulations;
- Personal data collected for any other type of correspondence are kept for 13 months.
5. How do we safeguard your personal data?
We have put in place appropriate and commercially reasonable technical and organisational security measures to store your personal data that we collect and keep confidential and to protect them against unauthorised or unlawful disclosure or access, accidental loss, destruction, alteration or damage taking into consideration the state of art of technology and the cost of implementation.
6. Do we share your personal data?
Your personal data processed by the data controller will only be accessible by a limited list of recipients on a need-to-know basis or where required by law, including but not limited to:
- The departments and personnel of the data controller and other legal entities of the Servier Group with a need to know.
- The suppliers and service providers of the data controller, particularly those responsible for hosting the Site, producing the Site, who may be called upon to access the personal data of Users for purposes strictly necessary for their work.
- The competent authorities such as health authorities in certain legally defined cases.
7. Applicable law
Any use of conflict of laws rules that restrict the full enforcement of the above rules is hereby excluded. The regulations therefore apply to all users who browse the website and who use all or part of its functions.