Pharmacovigilance Privacy Policy

1. Context

At Tecnifar – Indústria Técnica Farmacêutica, S.A. (hereinafter referred to as Tecnifar), we respect the relationships we maintain with Patients, Health Professionals, Health Services, Partners, Regulatory Entities and other stakeholders in the Pharmacovigilance System, and we consider it extremely important to protect the privacy of all individuals whose personal information is processed in the performance of our activity.

2. Purpose and lawfulness of processing

Tecnifar is obliged by pharmacovigilance legislation to record, process and store information on adverse events/adverse drug reactions and the personal data included in these reports, and even to submit these reports in accordance with the applicable legal regulations. These legal regulations are:
– Implementing Regulation (EU) No 520/2012 of June 19, 2012 on the conduct of pharmacovigilance activities provided for in Regulation (EC) No 726/2004 of the European Parliament and of the Council and Directive 2001/83/EC of the European Parliament and of the Council;
– Guideline on Good Pharmacovigilance Practices – Module VI – Collection, management and submission of reports of suspected adverse drug reactions;
– Decree-Law no. 176/2006, of August 30th.

Therefore, as Data Controllers, we share with you through this policy information on how we process this data for Pharmacovigilance purposes, in compliance with our legal duties to monitor the safety, quality and efficacy of medicines that are still in clinical development, which we market, distribute, promote, or for which we hold a marketing authorization.

3. Data collected

In strict compliance with these obligations, the continuous evaluation of the benefits and risks of medicines, as well as the reporting of reactions or suspected adverse events to the competent authorities, we are required to process certain data.

Pharmacovigilance legislation requires the adoption of procedures aimed at obtaining accurate and verifiable data for the scientific evaluation of reports of suspected adverse reactions, as well as the monitoring of the respective reporting process.

In compliance with the above, the personal data of clinical trial participants and people for whom there has been or is a suspicion of an adverse reaction to a particular drug or other special cases of Pharmacovigilance (also referred to as Patients) are processed, as well as the data of health professionals and third parties (referred to as Notifiers) who collect and transmit the information in compliance with obligations arising from the legal framework of the Pharmacovigilance system. The personal data that Tecnifar may process are:

1) Regarding the Patient:
– Contact details (e-mail address, telephone number, fax number and address);
– Name and/or initials;
– Date of birth and/or age;
– Sex;
– Weight and height;
– Ethnicity;
– Information about the patient’s relatives (family medical history);
– Past and current medical treatments or medications;
– Clinical situation;
– Clinical history.

2) Regarding the Notifier:
– Contact details (e.g. e-mail address, telephone number, address);
– Name;
– Profession;
– Relationship with the patient;
– Place of work (institution, address, contact details).

We would point out that, in the case of clinical trials, in addition to the information mentioned above, additional information may be collected in accordance with the applicable legislation. Under the terms of the applicable legislation, the information collected, described above, may include data relating to health and ethnic origin and, for this reason, classified as sensitive personal data.

4. How we receive the data

Tecnifar may receive information on adverse events/suspected adverse drug reactions from the following sources:
– Sick;
– Health professional;
– Third person (e.g. caregiver, patient’s relative, lawyer, colleague);
– Public source (e.g. articles in the medical literature);
– Another source.

Tecnifar can receive information addressed directly to Tecnifar about adverse events/suspected adverse drug reactions through the following channels:
– Communication by e-mail;
– Personal communication;
– Communication by telephone;
– Postal mail.

4. How the data collected is used

In compliance with our Pharmacovigilance obligations, we will use the information for the following purposes:
– Receive, record and process information on the event or suspected adverse reaction, as well as other special pharmacovigilance cases;
– Evaluate the event or suspected adverse reaction, as well as other special pharmacovigilance cases;
– Follow up with the patient or notifier to obtain additional information on the reported adverse event;
– Transfer and disclose data on the event or suspected adverse reaction to the recipients listed under “TRANSMISSION OF PERSONAL DATA”.

5. Data retention

The data collected in the context of pharmacovigilance is kept for as long as the product is authorized and for an additional period of 10 years after the end of the marketing authorization. However, such data may be kept for a longer period where required by Union or local regulations or contractual requirements (GMP Module VI. C.2.2. and Article 12(2) of Implementing Regulation (EU) No 520/2012 of June 19, 2012 on the conduct of pharmacovigilance activities provided for in Regulation (EC) No 726/2004 of the European Parliament and of the Council and Directive 2001/83/EC of the European Parliament and of the Council).

7. International data transmissions

The personal data collected may be passed on to third parties in the event that one of our medicines is sold, assigned or licensed, in which case the purchaser, assignee or licensee will be required to ensure that their data is processed in accordance with the applicable legislation. The same can happen in cases related to medicines that are licensed, distributed and promoted by Tecnifar.

Tecnifar, as the promoter of a clinical trial and/or authorization holder, is obliged to keep detailed records of all suspected and actual adverse reactions occurring in Portugal, in any other member state or in third states, as well as to inform the competent authorities and their partners.

As an actor in the Pharmacovigilance system, we share information with the competent regulatory authorities (such as INFARMED I.P. and the European Medicines Agency), under the terms of the legislation in force.

If Tecnifar chooses to hire an external entity to carry out pharmacovigilance activities, it will act on Tecnifar’s instructions and will implement the appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, as well as guarantee a level of security appropriate to the risks inherent in the processing and the nature of the data to be protected.

8. International data transmissions

Whenever we have to transfer personal data for pharmacovigilance purposes to a third country outside the European Union or an international organization, we will first analyse the admissibility of the transfer, adopt technical and organizational security measures and apply the standard data protection clauses adopted by the European Commission.

8. Treatment safety measures

Tecnifar implements security measures of a technical and organizational nature necessary to guarantee the security of the personal data provided to us, in order to prevent its alteration, loss, unauthorized processing and/or access, taking into account the current state of technology, the nature of the data stored and the risks presented by the processing. We have implemented specific procedures for collecting, processing and circulating information.
We have a computerized system structured to allow access to information according to different user profiles, with different levels of access and different information handling privileges. Preventing unauthorized access to information. User profiles are kept up to date and deleted when the user no longer has access privileges and passwords are periodically changed.
We guarantee restricted physical and logical access to the system’s servers, which must keep a record of access to information in order to control operations and carry out internal and external audits. Likewise, backups of information are made and kept in a place accessible only to the system administrator or, under his supervision, to other technicians bound by professional secrecy.

9. Data subjects’ rights

In compliance with and to the extent of the provisions of the applicable legislation on the protection of personal data, the data subject may, at any time, exercise the rights of access, rectification, erasure, portability, limitation and opposition to the processing of their personal data, by means of a written request addressed to Tecnifar’s Data Protection Officer through the contacts described in the following point. Under the terms of the law, the data subject has the right to lodge a complaint regarding the protection of personal data with the competent supervisory authority, in the case of Portugal, the National Data Protection Commission (CNPD).

10. DPO contacts

If you have any questions about this Privacy Policy or how we use your personal data, please contact Tecnifar’s Data Protection Officer by e-mail: DPO@tecnifar.pt and/or from the address: Rua José Da Costa Pedreira, N.º 11 – B – Torre Sul, 1750-130 Lisboa.

12. Change control

Tecnifar reserves the right to amend, add to or revoke this Pharmacovigilance Privacy Policy, in whole or in part, at any time, in compliance with the General Data Protection Regulation (GDPR) and other applicable legislation. Without prejudice, Tecnifar undertakes to announce any changes by means of relevant notification.