UK & Ireland Drug Safety Privacy Statement
Last update: October 2023
For the purposes of this Privacy Statement:
- "Almirall", "we", "us", "our" means Almirall, Limited.
- "Personal Data" means any information relating to an identifiable person
- "Adverse Event" means a side effect occurring in association with the use of an Almirall product (medicine, cosmetic or device), such as an undesired or unintended harmful event, or a special situation for which safety data must be collected e.g., pregnancy, breast feeding.
This document forms part of the overall Almirall Limited privacy statement and describes how we process personal data in relation to adverse events, both in relation to adverse event reporters and adverse event subjects. Collecting data on adverse events helps to build an understanding of the potential side effects of drugs, fulfilling a key objective of protecting patients and public health.
Almirall Limited process personal data in line with legal requirements. If you have any questions regarding this privacy statement, or how we process your data, you can contact our global data protection officer at dpo.global@almirall.com, or write to the Pharmacovigilance Team at Almirall Limited, Harman House, 1 George Street, Uxbridge, Middlesex, UB8 1QQ, United Kingdom
1. Basic information
| HOW WILL ALMIRALL PROCESS PERSONAL DATA ASSOCIATED WITH AN ADVERSE EVENT? | |
|---|---|
| Who is the controller of the data you provide us? | Almirall Limited, a company based in the UK See additional information in Section 2.1 below |
| For what purposes do we use your Personal Data? | To contact reporters for additional information about an adverse event case, and to enable detailed evaluation of adverse event cases including their association with Almirall products. See additional information in Section 2.3 below |
| What is the lawful basis to process your Personal Data? | The lawful basis relevant to the processing of personal data for adverse events is legal obligation. See additional information in Section 2.5 below |
| What data do we process? | Adverse event reporter contact type/contact information, adverse event subject data such as gender, age/date of birth, medical/treatment history, and details of the side effects experienced. See additional information in Section 2.2 below |
| How long will we store your data? | During the commercial life of the product plus 10 years See additional information in Section 2.4 below |
| With whom will we share your data? | Sharing of certain adverse event case details with regulatory authorities is a legal obligation. Case data is anonymised when shared, so cannot be linked to an identifiable individual. See additional information in Section 2.6 below |
| What rights do you have in relation to your Personal Data and how can you exercise them? | You have the right to access your personal data associated with adverse event records held by Almirall Limited. See additional information in Section 2.7 below |
2. Additional information
2.1. WHO IS THE CONTROLLER OF THE DATA YOU PROVIDE?
The data controller is Almirall Limited – with registered address at Harman House, 1 George Street, Uxbridge, Middlesex, UB8 1QQ registered in England and Wales: company number 6320852.
For more information about this document or how we process your personal data, you may contact our Global Data Protection Officer at the e-mail address dpo.global@almirall.com. You can also contact Almirall Limited at the telephone number +44(0) 2071602500.
If you are based in the EU and have any questions about our privacy statement, your rights regarding your personal data, or how we use your personal data, please do not hesitate to contact our appointed EU representative, Symmetry Solutions Ltd, at:
- Email: almirall@symmetrygroup.ie
- Post: FAO Almirall EU Rep, Symmetry Solutions Ltd, The Tara Building, 11-15 Tara Street, Dublin 2, D02RY83, Ireland.
Our global drug safety database is managed and maintained by the Spanish parent company Almirall, SA, with registered office at Ronda General Mitre, 151, 08022 Barcelona (Spain), fitted with VAT A- 58869389 and registered in the Commercial Registry of Barcelona in Volume 21.795, Sheet 32, Page No. B-28.089.
2.2. WHAT PERSONAL DATA DO WE PROCESS?
We try to only collect the necessary personal information around an adverse event in line with our legal obligations. When contacted in the first instance, you can choose whether or not to be contacted again regarding the adverse event case. We might collect and process the following data:
a. If you are the adverse event reporter, we will record whether you are a patient or a healthcare professional, and the country in which you reside. If you agree, we might also collect personal data such as your full name, telephone number, e-mail address and/or postal address.
b. Personal data collected relating to the adverse event and to the adverse event subject may include: the type/severity/length of the adverse event and, independently non-identifiable subject details such as initials, date of birth, age, gender, weight, concomitant medications and relevant medical/treatment history.
2.3. FOR WHAT PURPOSES DO WE USE YOUR PERSONAL DATA?
The personal data provided, and set out in Section 2.2, will only be used to comply with our legal obligations. We will not use your data for any other purposes other than those indicated above.
The personal data collected is necessary to create a complete adverse event case, enabling 1) the possibility to contact the adverse event reporter again should further detail be required, and 2) an informed assessment of the relationship between the adverse event and the Almirall product.
2.4. FOR HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
Where personal data has been collected about you in your role either as an adverse event reporter or adverse event subject, after the maximum period of one (1) year following the closure of the adverse event case, your data will be made unidentifiable. This data in redacted form will be stored securely in line with legal requirements to which Almirall is subject, during the commercial life of the product plus 10 years, in line with the applicable laws to which we are subject.
2.5. WHAT IS THE LAWFUL BASIS TO PROCESS YOUR PERSONAL DATA?
The lawful basis for processing personal data in adverse event cases is the legal obligation relating adverse event case handling. On the other hand, this processing pursues an aim of public interest in the area of health.
2.6. WITH WHOM WILL WE SHARE YOUR PERSONAL DATA?
Sharing of certain adverse event case details with regulatory authorities is a legal obligation. Case data is anonymised when shared, so cannot be linked to an identifiable individual by the regulatory authority.
Your data will not be shared with additional third parties other than our service providers contracted to support the management of adverse event cases. With these companies we have signed an agreement for the provision of services that guarantees the confidentiality of the information and its processing in accordance with the applicable legislation.
Whenever information needs to be transferred and that requires an International Transfer of personal data, Personal Data is duly protected by standard contractual clauses approved by the European Commission and/or UK standard contractual clauses, binding corporate rules of the data processor or other mechanisms that ensure appropriate safeguards for international transfers.
2.7. WHAT RIGHTS DO YOU HAVE IN RELATION TO YOUR PERSONAL DATA AND HOW CAN YOU EXERCISE THEM?
You have the right to access your personal data stored in relation to an adverse event case. Due to the legal requirements around adverse event reporting and management, the right to erasure and/or restriction of processing will not be applicable.
If you wish to make use of any of your rights, you can send a written request to the Pharmacovigilance Team at Almirall Ltd, Harman House, 1 George Street, Uxbridge, Middlesex, UB8 1QQ, United Kingdom.
Finally, we inform you that you can contact the Information Commissioner's Office (ICO); https://ico.org.uk or any European supervisory entity for any claim arising from the processing of your personal data. You can find an updated list of said organisations by jurisdiction at https://edpb.europa.eu/about-edpb/about-edpb/members_en.