Pharmacovigilance Privacy Notice

INFORMATION pursuant to Articles 13 and 14 of EU Regulation 679/2016 and the Privacy Code as amended by Legislative Decree 101/2018, regarding Pharmacovigilance

Introduction 

For Kedrion S.p.A., your privacy and the security of your personal data are particularly important. Therefore, we collect and process such data with the utmost care and attention, while adopting specific technical and structural measures to ensure the full security of the processing. We inform you, pursuant to Article 13 of the European Regulation 2016/679 (hereinafter “Regulation”) and the Privacy Code as amended by Legislative Decree 101/2018, that the processing of your personal data is carried out in ways that ensure the security and confidentiality of your data; the processing is carried out using IT and/or telematic supports, as detailed in this information notice. This information notice concerns the processing of personal data of those who submit pharmacovigilance reports on Kedrion S.p.A. medicinal products, through the completion of the specific form provided by the Company and available on its website. Pharmacovigilance refers to the set of activities aimed at continuously evaluating all information related to drug safety and ensuring, for all medicines on the market, a favorable benefit/risk ratio for the population. The continuous evaluation of information related to drug safety and all activities aimed at ensuring a favorable risk/benefit ratio for marketed drugs fall within the scope of pharmacovigilance.

Data Controller 

The processing of your personal data is carried out by Kedrion S.p.A., as the Data Controller, pursuant to and for the purposes of EU Regulation 2016/679 and the Privacy Code as amended by Legislative Decree 101/2018. For any questions or requests related to the processing of your personal data, you can send a request to the following contacts: Data Controller Kedrion S.p.A. Legal address: Loc. Ai Conti Castelvecchio Pascoli (LU) Contact email: [email protected] The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted regarding the policies and practices adopted in the field of personal data protection. The contact details of the Data Protection Officer are as follows: [email protected]

Types of Data and Purposes of Processing 

The personal data that Kedrion processes are your identification data, i.e., name, surname, tax code, physical and telematic address, landline and/or mobile phone number, as well as special data related to health. They are used by the Data Controller to fulfill preparatory, contingent, and consequential purposes related to Pharmacovigilance. Your personal data may also be collected from third parties such as, for example:

  • other data controllers, e.g., affiliated companies
  • lists and registers kept by public authorities or under their authority or similar entities based on specific national and/or international regulations;
  • private and public entities operating in the sector within the national and international territory with which the data controller has established information relationships;

Communication and Dissemination of Personal Data 

Your personal data will not be disseminated or disclosed to unidentified and unidentifiable subjects, not even as third parties. The Data Controller may transfer your personal data to companies controlled by Kedrion S.p.A., ensuring all security measures required by the regulations in force at the time.

Mandatory Data Provision and Legal Basis 

The provision of data is optional, but if you do not provide your personal data, including special health-related data, the Data Controller will not be able to process the request nor fulfill legal obligations regarding pharmacovigilance. The legal basis for the processing of identification data is a legal obligation. The legal basis for the processing of special categories of data is public interest in the field of public health.

Data Processing Methods 

The processing of your data is carried out through electronic and paper means and tools, by persons expressly authorized and trained according to the specific instructions of the Data Controller. The data are stored in paper, IT, and telematic archives located within the European Economic Area.

Data Retention 

Data related to pharmacovigilance reports are kept for ten years from the expiration of the Marketing Authorization (MA) of the drug subject to the report, except for any obligations under Union or national legislation or defensive needs of the Data Controller.

Transfer of Data Outside the EU 

The Data Controller may transfer your personal data to non-EU countries in accordance with the provisions in force regarding personal data protection under EU Regulation 679/2016, Regulation (EC) No. 45/2001, and Regulation (EC) No. 726/2004.

Rights of the Data Subject 

Your rights are those provided by EU Regulation 679/2016 in Articles 15-22, as well as those provided by the Privacy Code as amended by Legislative Decree 101/2018, such as, for example:

  • access your personal data and know their origin (the purposes and methods of processing, the data of the subjects to whom they are communicated, the retention period of your data or the criteria useful for determining it);
  • update or rectify your personal data so that they are always accurate and correct;
  • delete your personal data from the databases and/or archives, including backups, of the Data Controller;
  • limit the processing of your personal data in certain circumstances, such as when you have contested their accuracy, for the period necessary for the Data Controller to verify their accuracy.

For any further information and to send your request, you must contact the Data Controller at [email protected]. For reasons related to your particular situation, you can object at any time to the processing of your personal data if it is based on legitimate interest, by sending your request to the Data Controller at [email protected].

Complaint 

Without prejudice to any other administrative or judicial action, you can file a complaint with the supervisory authority as provided by EU Regulation 2016/679 and the Privacy Code as amended by Legislative Decree 101/2018.