Privacy policy

INFORMATION CLAUSE ON THE PROTECTION OF PERSONAL DATA

As a result of the entry into force of the EU Regulation on the Protection of Personal Data (GDPR), whose purpose is to harmonize the rules for the processing of personal data within the European Union (EU), we provide below information about the processing of your personal data.

As an Administrator, we are responsible for their use in a manner consistent with the agreement and applicable regulations.

For what purpose and on what basis do we process your personal data?

We use your personal data obtained during the conclusion of the agreement and during it’s term for the following purposes:

  1. conclusion and execution of the contract, including the consideration of complaints and making settlements during the term of the contract or until their termination (legal basis: art. 6, paragraph. 1b of the GDPR);
  2. fulfilling legal obligations on the basis of generally applicable laws, including tax and accounting regulations, among others, issuing and storing VAT invoices and other documents, eg transport orders, transport documents (legal basis: art. 6, paragraph 1c of the GDPR);
  3. creating for our internal needs statements, analyses and statistics during the term of the agreement, and after termination for the period of limitation of claims arising from the contract (legal basis: Article 6 paragraph 1 f of the GDPR - that is the justified interest of the administrator);
  4. defining, defending and pursuing claims resulting from the agreement for the period of limitation (legal basis: art. 6 paragraph.1f of the GDPR – that is justified interest of the administrator);
  5. verification of payment credibility when concluding, extending or extension the scope of this or

a subsequent contract (legal basis: Article 6 paragraph 1b of the GDPR);

Who do we transfer your data to?

We provide your data:

  1. IT companies that support our IT systems or provide us with IT tools;
  2. entities that provide our services with the services necessary to perform the contract concluded with you - if the contract require their participation, eg for transport orders, mailing of correspondence;
  3. intermediaries entities in the sale of our services and products or organization of marketing campaigns linked to products;
  4. entities conducting payment activities, eg banks - in connection with payments;
  5. entities providing legal and debt collection services, tax services
  6. entities authorized under applicable law (especially courts and state authorities).

Will your data be transferred beyond of the European Economic Area?

We do not forward or plan to transfer your data in the future beyond of the European Economic Area (EEA), which covers the member countries of the European Union as well as Norway, Iceland and Liechtenstein.

What is the data retention period?

Your data will be stored for:

  1. a performance of the contract / contracts - until it is terminated or expires;
  2. establishing, investigating or defending against claims - until the time-barred when claims under the contract / contracts or claims related to the processing of personal data;
  3. fulfilment of legal obligations - until the obligation to store data resulting from legal provisions expires.

What are your rights related to the processing of personal data?

You can submit to us:

  1. application for:
  • access to data, including providing information on processed data or a copy of data;
  • rectification of incorrect data;
  • deletion of data processed unreasonably;
  • limiting processing by suspending operations on data for a specified period of time or not deleting data (the application should indicate the appropriate way to limit processing);
  • transfer of data (if the conditions contained in Article 20, paragraph 1, of the GDPR have been met)
  1. object to the processing of your personal data.

Applications please send to the email: rodo@imed.com.pl

Complaint

If you consider that we process your personal data against to the law, you have the right to lodge a complaint to the supervisory authority dealing with the protection of personal data.

The Contractor is obliged to provide the above information to the representatives and employees of the Contractor whose data have been provided to Imed Poland Sp. z o.o.

Pharmacovigilance (PV)

Adverse Event information collected and processed by Company and Partner may contain personal data (“PhV Personal Data”), i.e. information relating to an identified or identifiable natural person (“Data Subject”). Processing includes any operation performed on data such as storage, alteration, retrieval, use and disclosure.

The Parties shall process all PhV Personal Data in compliance with any applicable laws, rules, guidelines and regulations, all as amended during the effectiveness of data processing obligations under this Agreement (hereinafter "Data Protection Legislation"), and in accordance with this Agreement.

PhV Personal Data relates to following Data Subjects:

-              Individuals who have adverse events

-              Reporters of adverse events (e.g. health care professionals, other individuals)

PhV Personal Data may contain following data categories:

-              Individuals who have adverse events: Data like initials, age, gender, pregnancy status, country, adverse event details. Adverse event details may include sensitive personal data like information on health, racial and ethnic origin and sexual life.

-              Reporters of adverse events: Contact information like name, email address, telephone, city, country.

Each Party warrants processing PhV Personal Data solely for purposes related to legal and industry standard pharmacovigilance obligations and in compliance with requirements defined in this Agreement.

Each Party will promptly notify the other Party (unless legally prohibited) about legally binding requests for disclosure of the PhV Personal Data and any accidental or unauthorized access.

Each Party warrants that it has implemented state-of-the-art technical and organizational security measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and to prevent unauthorized access, accidental destruction or loss, unauthorized modification or deletion of PhV Personal Data.

Each Party warrants applying a strict need-to-know principle when providing access to PhV Personal Data.

Each Party warrants that in the event of sub-processing related to PhV Personal Data, it has previously informed the other Party, and that it contractually ensured an adequate data protection level with its sub-processors.