Pharmacosmos UK (Pharmacosmos) is a limited company registered in England and Wales whose registered office is The White Building, 6th Floor, 33 Kings Road, Reading, RG1 3AR. We take our Data Protection obligations very seriously and this notice gives you information about our approach to Data Protection legislation (UK General Data Protection Regulation, Data Protection Act 2018, Privacy & Electronic Communications Regulations (PECR)) and provides you with information about how we manage your personal data.
Pharmacosmos is required by law to collect complaints and safety information concerning our products and whilst doing so to also protect the personal data of the patient and the person reporting the safety information which could be a Health Care Professionals such as a nurse, a pharmacist or doctor.
At Pharmacosmos we collect all safety information on our products received from patients directly or through their Healthcare Professionals into a database. We analyse the data on a regular basis to determine if there is any new information about our products that we need to share with health authorities, doctors and patients. This is all done for the purpose of securing the safety of our products and patients.
We collect personal data from the following sources:
Why do we process this personal data?
We process this personal data about you for the following purposes:
For the purposes of this notice Pharmacosmos is the Data Controller. This means that we are responsible for deciding how we hold and use personal information about you. We are required under Data Protection Legislation to notify you of the information contained in this privacy notice.
Pharmacosmos is required by law to collect complaints, adverse events and other experiences concerning our products and to comply with Data Protection legislation. This Privacy Notice describes how and why we process Personal Data to protect public health and comply with legislation on the surveillance of the safety of our products i.e. Pharmacovigilance.
Please note our website and services are not intended for children and we do not knowingly collect data relating to children.
Pharmacovigilance: The science and activities relating to the detection, assessment, understanding and prevention of adverse effects or any other medicine-related problem.
Adverse event: Any untoward medicinal occurrence in a patient using a medicinal product.
Other experiences: Events describing the circumstances around the use of a drug which could potentially cause drug related problems, or which could potentially give new knowledge of a drug e.g. exposure during pregnancy or medication errors.
Personal Data: Any data that relates to a living identifiable individual e.g. name, date of birth, email address, medical history or occupation.
Sensitive Data: Concerns special categories of Personal Data that by their nature are sensitive, such as those relating to health e.g. medical records, medical history, test results, religious beliefs, physical or mental health.
As any other pharmaceutical company, Pharmacosmos is under legal obligations to collect adverse events and other experiences, which may add information about the safety of our products. When you, your doctor, a nurse, a pharmacist or third party provide Pharmacosmos with information on an adverse event, experienced with the use of our products, we record and process the information in order to meet our Pharmacovigilance obligations.
If needed, we will revert to the reporter and request additional information about the experience. These obligations exist to allow Marketing Authorization Holders and Health Authorities to learn from the experiences of patients in order to minimize the risks for patients.
To maintain a license for our products worldwide, we are legally obliged to record the following data:
Pharmacosmos will collect and process your Personal Data for the purposes described below.
Depending on if you are a healthcare professional or a patient, we process your data for different purposes and therefore with different legal bases.
Patient subject to adverse events or other experiences:
When processing Personal Data of a patient, we process the following types of Personal and Special Category Data: name or initials, gender, age, medical history, type of medicine (i.e. our pharmaceutical product), medical history, and any other relevant medical data that may be contained in the report. The purpose of this processing is the fulfilment of our legal obligation to file a report on adverse events/adverse drug reactions in accordance with the
GDPR Article 6(1)(c) and Article 9(2)(i).
Reporter of adverse events or other experiences:
If you are the reporter of adverse events/other experiences, we may process your full name, professional information, contact data (i.e. phone number, address and/or email). The purpose of this processing is the fulfilment of our legal obligation to file a report on adverse events/adverse drug reaction GDPR article 6(1)(c).
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, however only where this in accordance with Data Protection legislation, is required for a proportionate reason or is strictly permitted by law.
We only share your information where we are strictly able to and only in accordance with Data Protection legislation. Your Personal Data will be treated as confidential information by those, who are allowed to process your Personal Data, and will only be used for the purposes set out herein. It will be stored by Pharmacosmos or a contract third-party hosting IT provider.
We may transfer your Personal Data to our affiliated companies and other third parties:
If your Personal Data is transferred to one of our affiliated companies or a third party located in a country outside the EU/EEA, Pharmacosmos will ensure that such transfer(s) will be carried out in accordance with the applicable data protection legislation, including the GDPR.
If your Personal Data is transferred to our affiliated companies outside the EU/EEA, without an adequacy decision, the transfer will be based on Pharmacosmos Intra-Group Agreements including the EU Commission’s Standard Contractual Clauses.
Transfers to third parties outside the EU/EEA, without an adequacy decision, will be safeguarded by ensuring that the third party enters into the EU Commission’s Standard Contractual Clauses and the UK ICO Addendum and the relevant assessments (TRA/TIA).
Should such requirements change, we will review the obligations and amend this notice as appropriate. More information can be obtained by contacting our Data Protection Officer.
Our retention schedule is in place to ensure your Personal Data is maintained only for as long as is necessary to achieve the respective purpose of the processing or to be able to comply with legal obligations (e.g. data retention requirements). We will keep your Personal Data for the following period of time:
Further information regarding our retention of your Personal Data can be obtained from our Data Protection Officer.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
Right to be informed by the provision of a privacy notice when your personal information is processed.
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
Right to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
Request the transfer of your personal information to another party.
Automated decision making we do not currently use automated decision-making technology, however should this change we will update this notice appropriately.
If you want to exercise any of your rights, please contact our Data Protection Officer in writing.
We have put in place appropriate security measures to prevent your personal information from being accidently lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to our personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breaches and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have appointed a Data Protection Officer to oversee compliance with our Data Protection obligations. Our DPO can be contacted a info@pharmacosmos.co.uk or in writing to our registered office, The White Building, 6th Floor, 33 Kings Road, Reading, RG1 3AR.
If you have any questions about this privacy notice or how we handle your personal information, please contact our DPO. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for Data Protection legislation.
From time to time, we may revise this Privacy Notice. Any such changes will be reflected on this page. Pharmacosmos recommends that you review this Privacy Notice regularly for any updates. The date on which this notice was last revised is located below.
V.1.0 Initial creation 16/03/23 DPO
