Please note the following important information concerning the processing of personal data in connection with the dealing by Theramex HQ UK Limited (Theramex) with any enquiry, complaint or adverse event report.
How do we use your personal data?
Your personal data will be processed only for the purpose of dealing with the enquiry, complaint or adverse event report made by or for you.
What do we mean by an adverse event report?
Theramex is a pharmaceutical company that develops and markets medicinal products to support the health needs of women through every stage of life. The safety of all Theramex products in development or those marketed/distributed by us must be monitored on an ongoing basis.
It is possible that not even the most thorough of clinical development processes can detect every possible adverse reaction or side effect due to the different ways we as individuals may react to medicinal products. For this reason, it is of utmost importance that Theramex, alongside other pharmaceutical companies, are obliged to conduct pharmacovigilance or monitoring of any adverse events no matter how rare these may be in real terms, in accordance with our licenses. Pharmacovigilance obligations help us and regulatory bodies to capture and manage information about adverse events and ensure the highest quality and safety standards.
To effectively meet our pharmacovigilance obligations, we will need to collect and process certain information relating to adverse event reports and about the reporter and the affected individual (where different). This notice includes information about how personal data associated with any adverse event report is collected and treated by us.
What personal data do we collect about you?
We may collect and process the following categories of personal data associated with an enquiry, complaint or adverse event report made by you or on your behalf:
- Your name (including name prefix or title);
- Contact details including email or postal address, phone number(s) and social media username/handle; and
- Details of any enquiry or complaint submitted.
Where you are the subject of an adverse event report we may also process:
- Gender; age and date of birth; weight and height
- Special (sensitive) categories of personal information including but not limited to;
- racial or ethnic origin or sexual orientation;
- medical history, diagnostic data; other health related information provided by you (such as health information, disability and disability type, health risk factors, personal exposure and surveillance data);
- details of any relevant Theramex product being taken, prescription and dosage data, why it was taken and for how long;
- details of any other medicinal products that are being taken, prescription and dosage data, why it was taken and for how long; and
- details of the adverse event and any treatment received and other effects.
Where you are reporting an adverse event on behalf of the subject, we may also process:
- Professional role (for example whether you are a Healthcare Professional); and
- Relationship to the subject
How do we obtain your personal data?
Any personal data about you that we process is provided by you or on your behalf such as by a carer or a healthcare professional.
For what purpose and on what legal basis do we use your personal data?
Processing of personal data about you in relation to our pharmacovigilance obligations is done so in order to investigate the adverse event report, contact you if necessary to check facts or to gather further information and submit legally required reports to relevant regulatory authorities. We process such personal data based on our legal obligation to monitor, manage and report adverse events.
Processing of personal data for the purpose of responding to your enquiry or investigating your complaint is based on our legitimate interest as we would not be able to respond to your enquiry without processing your personal data.
How long will we keep your personal information?
Personal data processed for the purpose of responding to enquiries and complaints will only be retained for as long as necessary to fulfil the purposes for which it was collected and relevant to the exercise of any rights or in anticipating or seeking to resolve any issues or legal claims. Personal data relating to adverse events is subject to legal retention time frames relevant to the term of the product market availability and for a further period of up to 15 years after the product is no longer on the market.
With whom do we share your personal data?
Your personal data will be accessible to authorised Theramex employees, as well as to authorised employees of certain Theramex suppliers who provide Theramex with support services including IT, and response handling and subject to contractual safeguards. In addition, we may need to transfer your personal data associated with any adverse event report to certain regulatory agencies.
We may also disclose your personal data:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy notice; or
- If Theramex or substantially all of its assets are acquired by a third party, in which case, personal data held by Theramex will be one of the transferred assets.
Transfers of your personal data outside of your home country
We store your personal data on servers in the UK and Europe. We may on occasion also use the services of service providers or collaborate with subsidiaries in our group to whom personal data may be transferred.
Where we transfer personal data, we will take steps to ensure your data is subject to legal safeguards which are appropriate to the transfer and the data. This may include relying on a recognised legal adequacy mechanism, such as the use of specific approved contracts and upon approved standard contractual clauses for the protection of personal data.
Your rights in connection with personal data
You have the following rights under data protection law applicable to Theramex:
- to be informed about the collection and use of your personal data.
- to access and be provided with a copy of the personal data we hold about you.
- to have your personal data rectified, if any of your personal data held is inaccurate or incomplete.
- to request deletion of your personal data that we may have.
- to restrict and prevent the processing of your personal data (while we verify or investigate your concerns with this information).
- to object to the processing of your personal data, including profiling, where your personal data has been collected and processed on the basis of the legitimate interests of Theramex.
- to receive your personal data, which you have previously provided in a “commonly used and machine-readable format” and to have that data transmitted to another controller.
Where you are given the option to share your personal data with us, you can always choose not to do so. If you object to the processing of your personal data, we will respect that choice to the extent that this would not prejudice our ability to meet our legal obligations.
If any request or concern relating to the processing of your personal data is not satisfactorily resolved by us, you may approach your local data protection authority, (see https://commission.europa.eu/law/law-topic/data-protection/data-protection-eu_en#data-protection-in-the-eu-institutions-and-bodies). The Information Commissioner is the supervisory authority in the UK.
Should you have any queries relating to the processing of your personal data or any questions on the above please submit them to:
Data Privacy Request
or write to the following address:
Theramex – Legal Department