EL PHARMA is the trade name of EL PHARMA Romania S.R.L., a legal entity of Romanian nationality, with registered office in Balotești, Malul Roșu str. no. 4, ground floor, room 26, Ilfov county, postal code 077015, with Trade Register number J23/6150/2020, unique tax registration code RO 43466625 (hereinafter "EL PHARMA" or the "Company"). For the purposes of data protection legislation, we are an operator when we process your personal data.
When you use this website or interact with EL PHARMAin general, we may process your personal data in accordance with this Data Privacy Policy, as required by applicable law. The policy is based on the provisions of Regulation 2016/ 679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("General Data Protection Regulation" or "GDPR") as well as applicable national law. The GDPR defines personal data as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity".
EL PHARMA is committed to implementing the highest standards of confidentiality and transparency with respect to the personal data it processes in its day-to-day business. Full protection and transparency regarding the processing of your personal data in our business are our paramount goals.
Your interaction with EL PHARMA, where it involves the processing of your personal data, is subject to this Privacy Policy and Cookie Policy, respectively, when you browse our website. The purpose of these Policies is to inform you about how we collect, store and use personal data.
These details regarding the processing of your data differ depending on the nature of your relationship with EL PHARMA, i.e.: user of the website, customer, potential customer, legal representative of a contractual partner or the person designated by the latter in the performance of the contract with our Company, candidate for vacancies available within the Company, representative of a regulatory and supervisory authority. Depending on which category you fall into in terms of your interaction with EL PHARMA, the provisions set out below may become applicable to you accordingly.
As we are always open to hear your views, as well as to provide you with any additional information you may need regarding the processing of your data, we encourage you to contact EL PHARMA's Data Protection Officer at dataprotection@elpharma.ro, or by post or courier at 4 Malul Roșu str., com Balotești, village Balotești, jud. Ilfov, postal code 077015 - with the mention: to the attention of the EL PHARMA Data Protection Officer.
SPECIFIC PROVISIONS:
A. DATA ON CANDIDATES IN RECRUITMENT PROCESSES
1. What categories of personal data we process
In the context of organising and managing the recruitment process, we may process the following categories of personal data about you:
- information that you provide to us when applying for one of the vacancies at EL PHARMA by submitting a CV to us (e.g. by e-mail, via our website, in person) or that we receive from recruitment/ head-hunting agencies or other persons holding your CV.
The categories of data we may process in this context may include:
- identification data (name, surname, e-mail address, date of birth, place of residence, telephone number), data/ information publicly disclosed on professional online platforms, data on general education, specialist and other qualifications, previous experience, image (CV photo if you have chosen to include it), relevant personal and/ or professional skills (language, communication, organisational, digital skills);
- information provided in the context of participation in the actual recruitment process (participation in interviews/tests), consisting of any other data you may provide to us in this context, including data obtained by the Company resulting from testing your skills or knowledge, as well as information observed by the interviewers during any such interview, such as communication style, tone, engagement, personality traits (curiosity, creativity, etc.), teamwork, collaboration, leadership skills and management skills, to the extent that they emerge from the interview and are relevant to the recruitment process.
- in case of online interview sessions conducted via the "Microsoft Teams" service personal data consisting of: email address and account name, log data (IP address; date and time of use of MS Teams; data quantity information and MS Teams version), session information (date and time of session; session participants; session ID and password) and other session information stored in MS Teams, information/ data contained in text, video and audio files: text in chats; video and audio files for online conversation transmission.
2. The purpose and basis of processing this data
Personal data are processed for the purpose of contacting you, conducting the recruitment process, organizing interviews, preliminary checks of professional and personal aptitudes for a job vacancy, creating internal notes/ ratios/ files on the conduct of interviews/prelatable research, carrying out any necessary steps for the conclusion of the employment contract. The processing is carried out on the basis of: i) taking steps to conclude an employment contract [Article 6(1)(b) GDPR]; ii) fulfilling a legal obligation incumbent on the Company [Article 6(1)(c) GDPR].
In the context of your participation in recruitment processes, additional personal data may be requested from you and/ or prior checks on your professional and personal suitability may be carried out, including by conducting online interviews and making internal notes in this context on the basis of the legitimate interest of the Company [Article 6 (1) (f) GDPR].
Please note that in the recruitment process it is possible to use professional online platforms (e.g. LinkedIn) to carry out prior verification of professional and personal skills in relation to the nature and specifics of the position concerned, based on the legitimate interest of the Company [art. 6 para. 1 lit f GDPR].
If an employment contract is concluded, your personal data will be processed, in particular on the basis of i) the performance of an employment contract [Art. 6 (1) (b) GDPR] and ii) the fulfilment of legal obligations [Art. 6 (1) (c) GDPR], provided for by the Labour Code, the provisions on health and safety at work or other relevant legal provisions. Information on the processing of personal data in the context of employment relationships will be made available to you at the time of the conclusion of the employment contract.
3. How long we keep your personal data
Personal data shall be stored for specified periods, applying also the following criteria: i) the time limits laid down in accordance with the applicable legal provisions, ii) the time required for the expiry of legal and/ or prescription periods, and iii) the time limits and procedures laid down in accordance with internal rules, including those on data storage.
If the recruitment process has been completed by the conclusion of an employment contract, the data provided in the recruitment process will remain stored in your personnel file and will be stored for periods determined in accordance with the legal provisions or for periods determined in accordance with the above criteria - points ii and iii.
With respect to data stored following your prior consent, we store this data for a period of 3 (three) years as set out in the consent form or until you exercise your right to withdraw your consent, whichever is sooner. If you do not wish to be included in the Company's candidate database, this will not affect the recruitment process for the position to which you have applied, and your personal data will be deleted after a general period of 6 months from the date of completion of the recruitment process for the position concerned, subject to compliance with internal procedures on the data deletion process.
If your data has been stored and processed on the basis of our legitimate interest, the duration of storage shall be that determined according to the criteria indicated by the Controller or until the manifestation of the right to object to such processing, whichever is the earlier. In this situation we no longer process personal data, unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the purpose of the processing is the establishment, exercise or defence of legal claims.
After the end of the declared storage period, the data may be retained only if necessary to comply with the applicable legal provisions and if there are legitimate and compelling reasons justifying the processing.
B. INCLUSION IN THE CANDIDATE DATABASE
1. What categories of personal data we process
If we have your consent, we process the personal data provided in your CV, as well as, if you have participated in a recruitment process that did not result in an employment contract, the information/ documents communicated/ obtained or resulting from the recruitment process, as detailed in the previous chapter.
2. Purpose and basis of the processing
We process the above categories of data for the purpose of including them in our database of candidates, so that we can contact you in the event of vacancies matching your profile.
The basis for the processing of your data in this context is your informed and voluntary consent - Article 6 para. (1) lit. a) of the GDPR.
If you do not wish to be included in the Company's database of candidates, this will not affect the recruitment process for the position to which you have applied and we will delete your personal data after a period of 6 months has passed since the date of completion of the recruitment process for the position concerned which has not been completed by the conclusion of the individual employment contract.
If there is no ongoing recruitment process for a position to which you have applied and we do not have your consent, you will not be included in our candidate database and we will not be able to send you information about future job opportunities in our company.
3. How long we keep your personal data
Your personal data will be processed solely for the purposes set out above for a period of 3 years from the date of this consent or until the date of the withdrawal of consent, whichever is the earlier. After this period, the data may be retained only if necessary to comply with applicable legal provisions.
You may withdraw your consent to this processing at any time without this withdrawal affecting the lawfulness of the processing carried out prior to this withdrawal.
C. HANDLING OF REQUESTS, COMPLAINTS, REFERRALS
1. What categories of personal data we process
When submitting a general request for information, a complaint, referral, you may provide us with certain categories of data which may include: name, surname, e-mail address and/or telephone number, position (if applicable), any other personal information you provide us with at the time of the request/complaint.
2. Purpose and basis of the processing
We may collect such personal data from you for the purpose of corresponding with you or for the purpose of formulating and sending a reply to you. Thus, if you make a request, complaint or referral we will process your data in order to deal with it. The basis for the processing of your data in this context is the legitimate interest of EL PHARMA - Article 6 para. (1) lit. f of the GDPR. There are situations where we have a legal obligation to respond to you and these are dealt with separately in this document.
3. How long we keep your personal data
We keep your personal data until the final settlement of your request and 3 years after the settlement. If a dispute arises between EL PHARMA and you, your personal data will be stored in EL PHARMA's systems until the final resolution of this dispute.
D. THE CONDUCT OF RELATIONS WITH THE COMPANY'S COMMERCIAL OR INSTITUTIONAL PARTNERS, RESPECTIVELY WITH PUBLIC AUTHORITIES
1. What categories of personal data we process
We may have access to information through a contractual relationship with public or private legal entities or through an interaction with an institutional partner/ regulatory and supervisory authority.
To this end, we may process personal data of representatives and contact persons designated by our partners, or of representatives of the authorities, as appropriate.
These may consist of: name, surname, position, telephone number and e-mail address, date of birth, signature. These data are transmitted to us by the representatives of our commercial partners, or by you yourself if you act as their legal representative or as a person involved by them in the process of concluding / executing the contract.
When you yourself are the Company's contractual partner, in addition to the information provided above, we may also process other categories of personal data from your identity document (such as your address, personal number code, ID card series and number), as well as financial data consisting of your bank account identification data.
For preliminary due-diligence or know-your-customer activities we may process data of beneficial owners or employees in a managerial position, i.e. first and last name, e-mail address, date of birth, dates of criminal convictions and offences, insofar as these are public.
Personal data such as: name and surname, date of birth, companies in which they are associated, positions held are processed to assess the creditworthiness of potential and current business partners.
For the conduct of business, online meetings (videocall) may be organised or electronic correspondence may be sent, which may include documents for validation/signature, in which case EL PHARMA may have access to information such as: account name, job title, e-mail address, profile picture (if added by the user), any other data available within the MS Office package, meeting data: date and time, participants, image, voice, chat texts, location (if activated by the participants), date and time of application use, status display.
2. Purpose and basis of the processing of these data
In this case, we may use the personal data that you provide to us or that we obtain in the manner described above for the purpose of managing your interaction with the authorities, i.e. for the purpose of managing and ensuring the smooth running of the relationship between the parties, including, but not limited to, signing the contract, issuing, paying or collecting the invoices issued in the context of that contract, as the case may be. We may also use your personal data for the purposes of internal due diligence or know-your-customer procedures prior to the conclusion of the contract.
Where appropriate, we may use the personal data you provide to us to measure the satisfaction of our business partners or for marketing research purposes.
To organise online meetings, EL PHARMA uses the services of contractual partners, namely Skype for Business and MS Teams, MS Office.
The basis for the processing of your data in the context of contractual relations is the conclusion and performance of the contract with your employer or the legal entity you represent, or even with you - when you are our contractual partner - Article 6 para. (1) lit. b of the GDPR, i.e. the common legitimate interest of the Company and the contractual partner to carry out that contractual relationship. In the preliminary stage of the conclusion of the contract with the legal entity, processing based on the legitimate interest of EL PHARMA may take place with a view to undertaking the minimum measures necessary to know the partners, due diligence processes, assessment of the good standing of the partners, online meetings - Art. 6 para. (1) lit. f of the GDPR, or the legal provisions applicable to EL PHARMA in these endeavours - Art. 6 para. (1) lit. c of the GDPR, including but not limited to Council Regulation (EC) 2580/2001 and Regulation 881/2002 (due diligence and KYC).
We may also, if necessary, process some of this data in the context of debt recovery activity and the resolution of any disputes or other legal situations that may arise in connection with the performance of the contract. In such cases, the basis for the processing is the legitimate interest of the Company to protect its financial situation and assets, Article 6 para. (1) lit. f of the GDPR, or the legal obligation to provide data for the purpose of carrying out judicial, legal or other extra-judicial proceedings in connection with the performance of the contract - Art 6 para. c of the GDPR. We may also process certain data for the purpose of defending or exercising EL PHARMA's rights and interests before notary publics, other public authorities or institutions, mediators and/ or other public or private dispute resolution bodies, our lawyers, consultants or other natural or legal persons, public or private, who are involved in the respective negotiations and/ or disputes. In such cases, the basis of the processing differs depending on the context in which these rights are exercised, and may be the contract concluded with you - Article 6(6). (1)(b) of the GDPR, or its legitimate interest - Art. 6 para. (1) lit. f of the GDPR.
There may be situations in which we process personal data in order to comply with EL PHARMA's obligations under tax law, anti-money laundering legislation or International Economic Sanctions. In such cases, the basis for processing is Article 6 para. (1) lit. c of the GDPR.
3. How long we keep your personal data
The storage period is determined by the duration of the contract and the applicable legal or contractual limitation period. The storage period of your data based on the contract may be extended if EL PHARMA is legally obliged to store it for a certain period - such as in the case of legal obligations in tax matters, where the storage period may be up to 10 years starting from the financial year following the financial year in which the relevant financial accounting document was issued/drawn up, or up to 5 years starting from 1 July of the financial year following the financial year in which the relevant accounting document was drawn up for those drawn up from January 2023 onwards.
If a dispute arises between EL PHARMA and the contractual partner, your personal data may be stored in EL PHARMA's systems until the dispute is finally resolved. In the case of data processed in the context of interaction with public authorities, the data of their representatives will be kept for the period of time related to the legal obligations under which the interaction took place.
E. ISSUING INVOICES
1. What categories of personal data we process
For invoices we may process personal data as follows:
- data filled in by the recipient's representative: name and surname, signature
- Invoices issued to natural persons: name, surname, address belonging to the natural person to whom the invoice is addressed.
2. Purpose and basis of the processing of these data
In this case, the data are processed for the performance of EL PHARMA's core business in compliance with applicable legal obligations. The basis for the processing of your data is Article 6 (1) lit. c of the GDPR, i.e. the fulfilment of a legal obligation, as set out in Annex 1 to Order 2634/2015.
We may also, where appropriate, process some of this data in the context of debt recovery activity and the resolution of any disputes or other legal situations that may arise in relation to the payment of invoices. In such cases, the basis for the processing is the legitimate interest of the Company to protect its financial situation and assets, Article 6 para. (1) lit. f of the GDPR, or the legal obligation to provide data for the purpose of judicial, legal or other extra-judicial proceedings in connection with the performance of the contract - art 6 para. c of the GDPR. We may also process certain data for the purpose of defending or exercising EL PHARMA's rights and interests before notary publics, other public authorities or institutions, mediators and/or other public or private bodies that settle disputes, our lawyers, consultants or other natural or legal persons, public or private, who are involved in the negotiations and/or disputes in question.
There may be situations in which we process personal data in order to comply with EL PHARMA's obligations under tax law, anti-money laundering legislation or International Economic Sanctions. In such cases, the basis for processing is Article 6 para. (1) lit. c of the GDPR.
3. How long we keep your personal data
The storage period is determined by the legal provisions, i.e. 10 years starting from the financial year following that in which the relevant accounting document was prepared, or 5 years starting from 1 July of the financial year following that in which the relevant accounting document was prepared for those prepared from January 2023 onwards.
If a dispute arises between EL PHARMA and the contractual partner, your personal data may be stored in EL PHARMA's systems until the dispute is finally resolved. In the case of data processed in the context of interaction with public authorities, the data of their representatives will be kept for the period of time relating to the legal obligations under which the interaction took place.
F. DOCUMENTATION OF SERVICES PROVIDED BY PARTNERS
1. What categories of personal data we process
We process your image (in photographs) for the purpose of documenting the services provided, usually at events organised by the Company or in which it participates.
2. Purpose and basis of the processing of these data
The basis for the processing of your data is Article 6(1) lit. c) of the GDPR, i.e. the fulfilment of a legal obligation, provided for in point 38 of Annex No. 1 to Order No. 2634/ 2015 on financial accounting documents.
3. How long we keep your personal data
The storage period is determined by the legal provisions, i.e. 10 years starting from the financial year following that in which the relevant accounting document was prepared, or 5 years starting from 1 July of the financial year following that in which the relevant accounting document was prepared for those prepared from January 2023 onwards. If a dispute arises between EL PHARMA and the contractual partner, your personal data may be stored in EL PHARMA's systems until the dispute is finally resolved.
G. DOCUMENT STORAGE
4. What categories of personal data we process
In accordance with the applicable legal provisions, i.e. item 38 of Annex No. 1 to Order No. 2634/2015 on financial accounting documents and/or Archives Act 16/1996, each company is legally obliged to archive documents for different periods of time. Thus, depending on the purpose of the processing, EL PHARMA will store your personal data for different periods of time. Data subjects are represented by contractual partners (if they are natural persons) or representatives of contractual partners.
5. Purpose and basis of the processing of these data
In order to comply with legal obligations, the Company archives documents containing personal data for the periods specified by the legislation. The basis for the processing of your data is Article 6 (1) lit. c of the GDPR, i.e. the fulfilment of a legal obligation, as provided for in point 38 of Annex no. 1 to Order no. 2634/2015 on financial accounting documents; Archives Act 16/1996.
6. How long we keep your personal data
The storage period is determined by legal provisions, depending on the purpose for which they were processed. The processing activities are set out within this document, each mentioning the period of processing by EL PHARMA.
H. PATIENT/HEALTHCARE PROFESSIONAL DATA (OTHER CATEGORIES OF REPORTERS) COLLECTED IN THE CONTEXT OF ADVERSE REACTION REPORTING or MEDICAL INQUIRIES
What personal data we process
We may process personal data that you provide to us when you report an adverse reaction to a medicinal product or another type of product, as a Data Controller when the adverse reaction report relates to products we distribute, and sometimes - as Data Processor when the processing is carried out in the context of providing pharmacovigilance services under a contract with the Marketing Authorisation Holder (MAH) of the product concerned by the report.
In addition, personal data provided in the context of a medical inquiry relating to the therapeutic area of the medicinal product or other scientific information are also processed for the purpose of providing a response and, where appropriate, for further documentation to establish the safety of the product.
For more information on such processing, please read the Privacy Notice (pharmacovigilance and medical information requests) .
I. DATA ON USERS OF OUR WEBSITE
Access to this website does not automatically imply the collection of personal data that directly identifies you. If you decide to provide us with personal data via the website, the above provisions apply to them, depending on the purpose for which you contact us.
However, we may process information that you provide to us when you access our website. Data that may be collected in this way by the Company in the process of administering and operating this website may include: name, surname, email address, any other data provided, directly or indirectly, in the context of your interaction with us, such as IP address.
When you visit our website, we use cookies to automatically collect technical information that can identify the user, which may include: IP address, type of browser used to browse the site, your operating system, data on website visits.
Further details on the use of cookies, including the purpose of their use, the basis of processing, the duration of storage, are set out in Company's Cookie Policy, available on our website.
J. DATA USED TO DEFEND OUR LEGITIMATE INTERESTS
There may be situations where we use or transmit information to protect our rights and business. These may include:
- Measures to protect your website from cyber attacks;
- Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;
- Measures to monitor traffic and communications to and from the Company in order to detect any incidents that may lead to the compromise of the Company's data and information security;
- Measures to manage various other risks.
1. What categories of personal data we process
The data and information that may be processed to carry out these activities of prevention and detection of potential risks to data security may be represented, as appropriate, by email address, IP address, type of equipment and browser used, MAC address, possible login data in the Company's applications and systems.
2. Purpose and grounds for processing these data
In this case, the basis for the processing of your data may be the legitimate interest of the Company - Article 6 para. (1) lit. f of the GDPR, or the legal obligations of the Company to ensure the security of the personal data it processes, by ensuring the security of the IT infrastructure - art 6 para. c of the GDPR.
3. How long we keep your personal data
The data processed for the purpose of ensuring the security of the IT infrastructure is never intended to identify the individual, but only to prevent, respectively detect and stop, in a timely manner, a cyber threat to the Company's equipment, systems and applications. For this purpose, data is stored for the minimum period necessary to achieve this purpose and no longer than 90 days.
K. EXERCISE OF THE RIGHTS OF DATA SUBJECTS
Under the provisions of Regulation 2016/679 data subjects have a number of rights that they can exercise in relation to the data controller. Exercising rights involves submitting a request/request to the data controller to perform certain operations on the data subject's data. To this end, EL PHARMA processes the data in the request submitted in order to formulate a response to the data subject.
1. What categories of personal data we process
EL PHARMA processes the following data: full name, telephone number, e-mail address, postal address, content of request, signature (if sent by post).
2. Purpose and grounds for processing these data
Your data will be processed for the purpose of providing the response to the request/request submitted and for performing operations on your data as requested. The basis for processing is Article 6 para. (1) lit. c of the GDPR, i.e. the legal obligation of the controller.
3. How long we keep your personal data
Your data will be kept for the duration of the resolution of the request and 3 years from the date of resolution. If a dispute arises between EL PHARMA and you, your personal data will be stored in EL PHARMA's systems until the final resolution of this dispute.
L. INTERACTION WITH SOCIAL MEDIA PLATFORMS
EL PHARMA uses social media platforms such as Facebook to promote its business. Interacting with EL PHARMA through the Platforms means that EL PHARMA may view public personal data within your account, such as: first and last name (or nickname, username), profile picture, other public information, message content (if you send us messages). PHARMA does not extract and store this data in its own databases.
Collection and registration in the company's access register of all persons wishing to enter the premises - company property: at the gate, the security guard keeps two access registers, according to the Methodological Rules for the application of Law 333/2003, namely one for (i) motor vehicles - where he records the registration number of the vehicle, the name and surname of the driver of the vehicle or of the delegate, the series and number of the identity card, the destination, the time of arrival, the time of departure, the no. of the permit/ invoice, remarks, and one for (ii) natural persons - where he records the data of the visitor: surname, first name, series and ID card number, destination (person visited - employee of the company), time of arrival, time of departure, remarks.
M. DATA COLLECTED AT THE ENTRANCE TO THE PREMISES WHERE WE OPERATE
1.What categories of personal data we process
Information that may be provided/collected when you enter the premises includes images that may be captured by cameras mounted by our video surveillance system that are appropriately marked.
2. Purpose and grounds for processing these data
We process this data in order to ensure the security, safety and protection of the goods and persons on the Company's premises, by installing video surveillance systems. In such cases, the basis for processing is the legal obligations that the Company has - Article 6 para. (1) lit. c of the GDPR, in conjunction with the legitimate interest of the Company to ensure the security of persons and property on the premises owned / used.
3. How long we keep your personal data
For images recorded by video surveillance cameras, we store the data for a maximum of 30 days, after which they are automatically deleted by overwriting. In certain situations, at the express request of the authorities, or in order to defend or exercise the interests and rights of the Company, certain recordings may be stored for a longer period of time, as determined by the Company, or until investigations are completed, as appropriate.
GENERAL PROVISIONS
Authorised person
It is possible that, in the course of its business, EL PHARMA processes personal data as a Data Processor; in these cases, EL PHARMA processes data only in accordance with the instructions of its partners, who determine the purpose and means of the processing, thus acting as Data Controllers. In the context of such processing, EL PHARMA will inform the data subjects about is status of Data Processor and will indicate to them the Data Controller in order to enable the data subjects to exercise their rights, including the information necessary for the processing.
Recipients of your personal data
We ensure that access to your data by third parties, private legal entities, is carried out in accordance with the legal provisions on data protection and confidentiality of information, on the basis of contracts concluded with them, in accordance with Article 28 of the GDPR in the case of data processors, ensuring the same level of protection, or in accordance with Article 26 of the GDPR, if they act together with the Company as joint controllers, as appropriate.
| Recipients | Processing for which data may be transferred |
| Companies within the PHOENIX group of companies, to which EL PHARMA belongs, - for internal administrative purposes or for auditing and monitoring our internal processes. We may also transfer your data to companies within the Phoenix group that provide products and services to us, such as information technology systems, or that carry out activities in collaboration with EL PHARMA. Access to your personal data is limited to those employees who need to know your personal data and who are subject to firm confidentiality commitments; |
|
| Providers of software and solutions for data storage or archiving, as appropriate. Recipients of data processed when conducting an online conversation using MS Teams include Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399 USA) and subcontractors used by Microsoft to deliver MS Teams. Microsoft provides an up-to-date list of subcontractors at the following URL under the heading 'List of subprocessors' and indicates which subcontractors are involved in which Microsoft services: https://www.microsoft.com/en-ww/trust-center/privacy/data-access. More information about data processing by Microsoft itself can be found at the following URL: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy?view=o365-worldwide . |
|
| Providers of software maintenance services and/or technical equipment |
|
| Courier or mail service providers |
|
| Third party acquirers, to the extent that EL PHARMA's business would be transferred (in whole or in part) and personal data would be part of the assets subject to such a transaction or to other companies in the group of which EL PHARMA is part, who will comply with EL PHARMA's instructions regarding the processing of your personal data ; |
|
| Institutions or public authorities that request the provision of personal data for the fulfilment of their legal duties; |
|
| Other third parties who may have access to personal data in the performance of their duties, in the context of their interaction with the Company, such as: (i) authorities with regulatory and supervisory powers over the activities carried out by the Company; (ii) financial auditors and tax consultants; (iii) courts, bailiffs, notaries public; (iv) lawyers, mediators, experts who represent us or assist us in defending or exercising the rights and legitimate interests of the Company. |
|
| Providers of customer insight analytics solutions |
|
| Payment/banking service providers |
|
| Market research service providers |
|
| Other companies with whom we can develop joint programmes to market our goods and services |
|
| Suppliers and/or MAHs of products about which you have reported an adverse reaction |
For more information on data recipients - DAPP, please read the dedicated Privacy Notice (pharmacovigilance and medical inquiries). |
| National Agency for Medicines and Medical Devices of Romania in case of adverse reaction reports |
|
Where we store and to which countries we transfer your personal data
We currently store and process your personal data in Germany and Romania, as appropriate.
Your data is not transferred outside the EU. If and to the extent that, in the context of a particular processing operation, it would be necessary to transfer your personal data to third countries outside the EU or the EEA, any such transfer will be made in compliance with the requirements of the GDPR in terms of ensuring adequate safeguards for the transfer of data.
How we protect the security of your personal data
Ensuring the confidentiality of the personal data you submit to us is an important concern for us. We have implemented technical and organisational measures to maintain the confidentiality and security of your personal data in accordance with our internal procedures regarding the storage, disclosure and access of personal data. Personal data may be stored on our personal data technology systems, those of our contractors or in hard copy format.
The transmission of your personal data can be done using state-of-the-art encryption algorithms and we store it on secure servers while ensuring data redundancy.
The information you provide through the EL PHARMA website is automatically transmitted and verified in encrypted form using Secure Socket Layer (SSL). We do this to prevent misuse of data by third parties.
As for the other situations in which we process your personal data, we are constantly taking steps to increase the level of employee training in terms of compliance with data protection rules, and EL PHARMA employees are subject to firm confidentiality commitments.
Your rights under GDPR
The GDPR has established a number of rights of data subjects with regard to the processing of their data by controllers. In this context, you can request access to your data, correct any mistakes in our files and/or object to the processing of your personal data in certain cases.
You can also exercise your right to lodge a complaint with the competent Supervisory Authority or to go to court. Where applicable, you may also have the right to request the erasure of your personal data, the right to restrict the processing of your data and the right to data portability.
To exercise your rights, you can contact us:
- by e-mail to: dataprotection@elpharma.ro or
- by post or courier to the address Str. Malul Roșu nr. 4, com Balotești, village Balotești, jud. Ilfov, postal code 077015 with the mention to the attention of the EL PHARMA Data Protection Officer.
Please note the following if you wish to exercise these rights:
Identity. We take the confidentiality of all records containing personal data seriously. For this reason, we ask that you send us your requests for such records using the e-mail address/ identification information you use in your dealings with us. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.
Response time. We will respond to any valid requests within a maximum of one month, unless this is particularly complicated or you have made several requests, in which case we will inform you within one month of the reasons for the delay and you will receive a response from us within a maximum of two months. We may need to ask you for more information in order to qualify your request. This will help us to act more quickly and shorten the response time to your request.
Third party rights. You should be aware that the exercise of your rights under the GDPR is not open-ended, and if a request from you would adversely affect the rights and freedoms of other data subjects we will not be able to honour your request.
| Rights of data subjects | Description |
| Access | You can ask us:
|
| Correction | You can ask us to rectify or complete inaccurate or incomplete personal data. We may try to verify the accuracy of the data before correcting it. |
| Deleting data | You can ask us to delete your personal data, but only if:
We are not obliged to comply with your request for erasure if the processing of personal data is necessary:
|
| Restriction of data processing | You can ask us to restrict the processing of personal data, but only if:
Where processing has been restricted, your personal data may, with the exception of storage, only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State. |
| Data portability | You can ask us to provide your personal data in a structured, commonly used and machine-readable format, or you can request that it be "ported" directly to another data controller, but in each case only if:
|
| Opposition | You may object at any time, for reasons relating to your particular situation, to the processing of your personal data on the basis of our legitimate interest, if you consider that your fundamental rights and freedoms prevail over this interest. You may also object at any time to the processing of your data for direct marketing purposes (including profiling), without giving any reason, in which case we will stop such processing as soon as possible. |
| Automatic decision-making | You may request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you; or otherwise affects you to a significant extent. This right does not apply when:
|
| Withdrawal of consent | You have the right to withdraw your consent to a processing operation at any time where the processing is based on the consent of the data subject, without this withdrawal affecting the lawfulness of the processing carried out up to the date of withdrawal. |
| Complaints | You have the right to lodge a complaint with the supervisory authority about the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are as follows: National Supervisory Authority for Personal Data Processing B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania Phone: +40.318.059.211 or +40.318.059.212; E-mail: anspdcp@dataprotection.ro Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance, and we promise to make every effort to resolve any issues amicably. |
We remind you that you can contact the EL PHARMA Data Protection Officer at any time by sending your request in any of the following ways:
- by e-mail to: dataprotection@elpharma.ro, or
- by post or courier to the address: Str. Malul Roșu nr. 4, 077015 Balotești, Ilfov, Romania with the mention to the attention of the EL PHARMA Data Protection Officer.
Final provisions:
From time to time, as necessary, this Privacy Policy may be amended or updated. We will inform you of any material changes to it in a manner that ensures that you are informed, for example by posting on the Company's website or by any other appropriate means that ensures effective communication of changes to the terms of our processing of your data.
Kindly note that this Privacy Notice is available on our website in Romanian and in English version. In case of contradiction between the two versions, the Romanian one prevails.
Date of version: 27.05.2024