1. Personal Data Controller:
|Name||Inpharmatis Group LLC|
|Legal Address||11 Raina Boulevard, Riga, LV-1050, Latvia|
|Telephone Number||+371 6000 3500|
2.1. Personal Data — any information that relates to an individual who can be directly or indirectly identified. Names, email addresses, location information gender, and web cookies are personal data.
2.2. Data Processing — any action performed on Personal Data, whether automated or manual, e.g., collection, recording, organisation, structuring, storage, adaptation, or alteration.
2.3. Data Subject — the Website visitor whose data is processed by Inpharmatis.
2.4. Data Controller — Inpharmatis, its employees, contractors, and third-party service providers acting on behalf of and under the instruction of any of Inpharmatis Group companies.
2.5. Data Processor — any natural or legal person, which processes Personal Data on behalf of Inpharmatis, i.e., which assists and performs the Inpharmatis’ instructions. Data Processor submits the rules of GDPR.
2.6. Cookie — a small file placed automatically on Data Subject’s hard disk, as by a Website or online service, for the purpose of storing information about and recognising the user.
2.7. Pharmacovigilance — activities that aim to detect, assess, understand, and prevent adverse effects with pharmaceutical products including prescription medicines, over-the-counter medicines, and medical devices.
2.8. Supervisory Authority — an independent public authority, established to supervise compliance of any of Inpharmatis Group company with requirements for Data Processing, as well as to perform other rights and duties stated in the GDPR. The lead Supervisory Authority for Inpharmatis is the Data Protection Regulator of Latvia (dvi.gov.lv).
2.9. Business Communication — personal contact with Data Subject by phone and e-mail, providing information about products and services, their costs, invitations to events, webinars, seminars, and sharing materials.
3. Types and purposes of Personal Data Processing
3.1. Website Visitors Personal Data
3.1.1. When Data Subject visits the Website, the browser on Data Subject device automatically sends information to Data Controller. Data Processing is carried out by installing Google cookies on the Data Subject’s device.
3.1.2. The following Personal Data is processing without Data Subject active submission thereof:
- data about devices and browsers
- device IP addresses
- information about Data Subject activity on the Website
3.1.2. The Website Visitors’ Personal Data will be processed by Inpharmatis for the following purposes:
- ensuring a smooth connection of the Website
- ensuring easy use of the Website
- evaluation of Website security and stability
- Inpharmatis marketing purposes
3.2. Website Visitors’ Personal Data when they contact Inpharmatis through e-mail or using the button “Contact Inpharmatis”
3.2.1. If Data Subject visits the Inpharmatis Website and has any questions, Inpharmatis offers Data Subject the opportunity to contact Inpharmatis by click on “Contact Inpharmatis” or Inpharmatis e-mail provided on the Website.
3.2.2. A valid business email address of Data Subject is required so that Inpharmatis knows who has sent the request and allows Inpharmatis to respond.
3.2.3. Supplementary Personal Data such as Name, Company Name, Business Information, Phone Number, E-mail, and others can be provided voluntarily. Supplementary Personal Data that Data Subject optionally provides serves to improve communication with Inpharmatis and Data Subject and make it more specific.
3.2.4. Data Subject Personal Data which is collected by click on “Contact Inpharmatis” or Inpharmatis e-mail is processed for Business Communication from Inpharmatis.
3.3. Website Visitors’ Personal Data when they register or download materials
3.3.1. Inpharmatis, as an expert in Life Science Industry, offers current and potential clients high-quality materials such as webinars, trainings, whitepapers, brochures, or other resources.
3.3.2. Inpharmatis asks Data Subjects to fill out the Form with their Personal Data before accessing these materials.
3.3.3. To fill out a Form to access Inpharmatis materials the following mandatory Personal Data is processed:
- Job title
- Company name
- Phone number
- Business e-mail
3.4. Personal Data for Pharmacovigilance
3.4.1. Data Controller processes information about adverse drug reactions by applicable Pharmacovigilance legislation. This information may allow to identify a person directly or indirectly and, in this case, are Personal Data that are protected by GDPR laws.
3.4.2. Data Subject provides information about adverse drug reactions electronically by phone +371 6721 0500 or email email@example.com.
3.4.3. Data Controller Pharmacovigilance obligations require the following recommended Personal Data is processed:
- Name of the reporter
- Contact phone and/or email of the Reporter
- Medicine suspected for the adverse reaction being reported
- Patient details of the suspected adverse reaction
- Relationship with the subject of the report
3.4.4. Data relating to the person suffering from an adverse drug reaction may include medical information concerning the adverse event, such as details of the medication suspected to cause the adverse event, including dosage, reasons for application, or changes to the usual regimen.
3.4.5. Subsequently, Data Controller may have to notify the competent health authorities of the issues reported by Data Subject.
3.4.6. Data Processing is done for reasons of public interest in the area of public health, such as ensuring high standards of quality and safety of health care, medicinal products, or medical devices (Art. 6.1. (c, e) and Art. 9.2. (i) GDPR) in conjunction with Pharmacovigilance laws.
4. Personal Data Processing
4.1. Data Controller processes Personal Data on the legal basis for Data Processing is Art. 6.1. of the GDPR.
4.2. Data Controller bases the processing of Data Subject Personal Data for the purposes mentioned above on Data Subject prior consent, to the extent such consent is mandatory under the applicable legal GDPR rules. When Data Subject is asked to click on/check “Accept All Cookie”, “I agree”, “Submit”, “Contact Inpharmatis” or similar buttons/checkboxes/functionalities in relation to the protection notice, doing so will be considered that Data Subject consents to the processing of Personal Data for the indicated purposes.
4.3. When consent is not legally required, such action will be considered as a mere acknowledgment and the legal basis will be legitimate interest: that of meeting Data Subject’s commercial needs and developing Data Controller’s commercial activities, without prejudice to Data Subject’s rights.
5. Personal Data Transfer
5.1. Personal Data is transferred when it is required in order to service clients, to protect Data Controller’s legitimate interests (e.g., to prevent or to facilitate investigation of criminal or illegal acts) as well as in other cases foreseen by legal acts.
5.2. Data Controller may provide Personal Data to courts, law enforcement authorities, bailiffs, notary offices, lawyers, state and municipal authorities, companies, institutions, organisations, and other similar institutions.
5.3. Personal Data may be also provided to service providers (e.g., financial advice, IT servicing, CRM service).
5.4. Personal Data is transferred only to the extent it is necessary.
5.6. Personal Data may be transferred to a third country on the legal basis of Art. 45.1. of the GDPR.
5.7. Data protection regulations differ in countries where Data Controller operates. Data Controller follows the country-specific Personal Data protection regulations and in case of discrepancies or inconsistencies among data privacy regulatory requirements complies with the Data Protection Regulator in Latvia requirements (dvi.gov.lv).
6. Rights of Data Subject
6.1. Inpharmatis will ensure that the rights of the Data Subject under Chapter 3 of GDPR are fully respected and will use reasonable measures to comply with them.
6.2. When the Personal Data is no longer necessary for the Data Processing purposes or when Data Subject submits a valid request (via e-mail firstname.lastname@example.org) to erase Personal Data and in the absence of any regulatory requirements to keep processing Personal Data, Inpharmatis erases Personal Data in a way that securely precludes restoration or recognition of the content.
6.3. The Data Subject may at any time exercise his/her rights by filing the request via post to Inpharmatis registered address or via electronic means (via email@example.com). Such request upon receipt by responsible persons is handled free of charge within 30 working days (term extensions possible under specific circumstances) and satisfied or rejected with reasons. Inpharmatis will have to verify Data Subject’s identity before implementing Data Subject rights.
7. Rights of Data Controller
7.2. This Policy is applicable only to the Inpharmatis Website and does not apply to other websites that may be consulted by the user through links linked to articles and/or pages of the site and linked links.