INFORMATION CLAUSE ON PERSONAL DATA PROTECTION

Due to the entry into force of the EU General Data Protection Regulation (GDPR), which aims to standardize the rules for the processing of personal data within the European Union (EU), we provide below information regarding the processing of your personal data. As the Administrator, we are responsible for using them in a manner consistent with the contract and applicable regulations.

For what purpose and on what basis do we process your personal data?

We use your personal data obtained when concluding the contract and during its term for the following purposes:

  1. concluding and performing the contract between us, including considering complaints and making settlements during the term of the contract or until its completion (legal basis: Article 6(1b) of the GDPR);
  2. fulfilling our legal obligations under generally applicable laws, including tax and accounting regulations regarding, among others, issuing and storing VAT invoices and other documents, e.g. transport orders, transport documents (legal basis: Article 6(1c) of the GDPR);
  3. creating summaries, analyzes and statistics for our internal needs during the term of the contract, and after its termination for the period of limitation of claims arising from the contract (legal basis: Article 6(1f) of the GDPR - i.e. the legitimate interest of the administrator);
  4. determining, defending and pursuing claims arising from the contract within the limitation period (legal basis: Article 6(1f) of the GDPR - i.e. the legitimate interest of the administrator);
  5. verification of payment credibility when concluding, extending or extending the scope of this or another contract (legal basis: Article 6(1b) of the GDPR);

Who do we share your data with?

We transfer your data to:

  1. IT companies operating our IT systems or providing us with IT tools;
  2. entities providing us with services necessary to perform the contract concluded with you - if the contract concluded with you requires their participation, e.g. when ordering transport, sending correspondence;
  3. entities acting as intermediaries in the sale of our services and products, or organizing marketing campaigns;
  4. entities conducting payment activities, e.g. banks - in connection with payments made;
  5. entities providing legal, debt collection and tax services;
  6. entities authorized under applicable law (especially courts and state authorities).

Will your data be transferred outside the European Economic Area?

We do not currently and do not plan to transfer your data outside the European Economic Area (EEA), which includes the member states of the European Union and Norway, Iceland and Liechtenstein.

What is the data storage period?

Your data will be processed for the period:

  1. performance of the contract(s) - until its/them are terminated or expire;
  2. establishing, pursuing or defending against claims - until the limitation period for claims under the contract(s) or claims related to the processing of personal data;
  3. fulfilling our legal obligations - until the data storage obligations arising from legal provisions expire.

What rights do you have regarding the processing of personal data?

You can submit to us:

  1. application for:
  • access to data, including providing information about processed data or a copy of data;
  • correction of incorrect data;
  • deletion of data processed unjustifiably;
  • limiting processing by suspending operations on data for a specified period of time or not deleting data (the application must indicate the appropriate method of limiting processing);
  • transfer of data (if the conditions set out in Article 20(1) of the GDPR are met);
  1. objection to the processing of your personal data.

Please send applications to the following e-mail address: rodo@imed.com.pl  

Complaint

If you believe that we are processing your personal data contrary to the law, you have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data.

The Contractor is obliged to provide the above information to the Contractor's representatives and employees, whose data was transferred to Imed Poland Sp .z o.o.

Pharmacovigilance (PV)

Information about adverse events collected and processed by the Company and the Partner may contain personal data (“PhV Personal Data”), i.e. information relating to an identified or identifiable natural person (“Data Subject”). Processing includes all operations performed on data, such as storage, alteration, retrieval, use and disclosure.

The Parties will process all PhV Personal Data in accordance with all applicable laws, rules, guidelines and regulations, as amended during the period of effectiveness of the data processing obligations arising from this Agreement (hereinafter "Data Protection Laws") and in accordance with this Agreement.

PhV Personal Data concerns the following Data Subjects:

- People who experienced adverse events

- People reporting adverse events (e.g. health care workers, others)

PhV Personal Data may include the following categories of data:

- Regarding the person who experienced adverse events: data such as initials, age, gender, pregnancy status, country, details of adverse events. Details of an adverse event may include sensitive personal information, such as information about health, racial and ethnic origin and sexual life.

 - Regarding the person reporting adverse events: contact information, such as name, e-mail address, telephone number, city, country.

Each Party guarantees that PhV Personal Data will be processed only for purposes related to legal and industry standard pharmacovigilance obligations and in accordance with the requirements set out in this Agreement.

Each Party will promptly notify the other Party (unless prohibited by law) of legally binding requests to disclose PhV Personal Data and any accidental or unauthorized access.

Each Party guarantees that it has implemented state-of-the-art technical and organizational security measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and to prevent unauthorized access, accidental destruction or loss, unauthorized modification or deletion of PhV Personal Data.

Each Party ensures that a strict need-to-know principle is applied when providing access to PhV Personal Data.

Each Party guarantees that in the event of further processing related to PhV Personal Data, it has previously informed the other Party and that it has contractually ensured an adequate level of data protection with further data processors.