Patients and Healthcare Professionals Privacy Policy

SERB highly values your personal privacy and is committed to respecting the privacy rights of all individuals. We ensure that the processing of personal data strictly adheres to the requirements of applicable laws and this privacy policy (the “Policy”).

This privacy policy (the “Policy“) covers the collection and the use of personal data concerning patients, as well as healthcare professionals(“HCPs”) (collectively “you”, “your“) by  SERB SAS, a company organized under French law, whose registered office is located at 40 avenue George V, 75008 Paris, France, and its affiliates (each hereinafter referred to as the “”Company”, “we”, “us”,our”, and collectively referred to as “SERB Group” ),  acting as data controllers either independently or jointly depending on the processing activities.

Each entity of the SERB Group authorized to distribute a pharmaceutical product locally acts as an independent data controller for such products. For other language versions, please refer to our website.

  1. What data do we process?
  2. How do we process your data?
  3. How do we collect your data?
  4. With whom do we share your data
  5. How is the outsourcing of your data managed?
  6. Are your data transferred outside the European Economic Area?
  7. What are your rights?
  8. How do we guarantee the security of your data?
  9. Questions and Complaints
  10. Miscellaneous

1. WHAT DATA DO WE PROCESS?

1.1  The Company processes the following patients’ personal data for the purposes described below:

  • Personal identification data (gender, age, surname and first name or only initials of surname (first 3 letters) and first name (first 2 letters) where applicable);
  • Health data related to patient follow-up (information about the procedure to be performed on the patient, information from medical record, other health data: medical and family history, concomitant medications, etc.);
  • Where applicable, contact data (telephone number, postal address, e-mail address);
  • Where applicable, the personal data you have entered in the contact form on the website or in the complaints you have submitted.

 

1.2  The Company processes the following HCPs’ personal data for the purposes described below:

  • Personal identification data (surname, first name);
  • Professional identification data (job title, workplace (hospital, pharmacy, government entity), civil protection, civil defence, practice and therapeutic areas, speciality, professional registration number, degree, professional qualification and experience, scientific activities etc.);
  • Contact data (professional postal address, telephone, e-mail address, fax);
  • Financial information where applicable, collected for purpose of payment and transparency requirements in connection with the performance of a contract;
  • Data relating to meetings with our sales and medical representatives (time and location of the meeting, data relating to the cost of shared meals, data contained in the comment fields);
  • Where applicable, the personal data you have entered in the contact form on the website or in the complaints you have submitted.

 

2. HOW DO WE PROCESS YOUR DATA?

(a) Purposes

2.1  The Company processes your personal data for the following purposes:

(i) Applicable to patients

  • Management of the early and compassionate access authorizations
  • Management of your participation to our clinical research and studies.
  • Pharmacovigilance and materiovigilance monitoring (collection of adverse events, risks of incidents and/or incidents, patient monitoring (such as registers, database), writing reports of adverse reactions that may be related to the use of medicines), monitoring of “off-label” use.
  • Processing of medical information requests.

(ii) Applicable to HCPs

  • Pharmacovigilance and materiovigilance monitoring (collection of adverse events, risks of incidents and/or incidents, patient monitoring (such as registers, database), writing reports of adverse reactions that may be related to the use of medicines), monitoring of the “off-label”;
  • Processing of medical information requests.
  • Planning and support for the interaction between our in-field teams and you to create a tailored profile about you and categorize into different segments in accordance with this profile, and to identify you in the appropriate therapeutics areas and establish connections and interactions with you, being specified that no automated decision are made that would result in legal effects or have significant impact on you;
  • Maintenance interaction and communication with you with the support of our Customer relationship management (“CRM”) system:

(1) Engagement of effective direct communication with you by remote electronic channels (such as email, telephone, SMS etc.) and visit in person to provide : (i) pertinent news, research, educational materials within your specialty, (ii) relevant information about our products, which may include medical, clinical and marketing promotional materials(iii) all other kinds of updates related to products you are interested in.

(2)  Invitation to attend the medical/healthcare events, such as conferences, both national and international.

  • Follow-up of Medical Scientific Liaisons (MSL) activities for providing specific medical information to HCPs and collecting feedback and opinions from HCPs.
  • Management of event registration and organization, principally facilitate you to receive the invitation and event-related information, ensuring seamless participation and attendance.
  • Establishment and management of collaboration with you, including the selection, planning, organization and review of any collaboration with you, particularly involving research and development (such as clinical trials or other research studies), consultancy services or participation as a speaker in webinars or conferences.
  • Transparency and ethic compliance: legal obligations imposed to Marketing Authorization Holders in pharmaceutical industry to ensure no ethical or business integrity non-compliance in the engagements with HCPs, which may involve public or non-public disclosure of information related to engagements, anti-bribery and corruption, and handling conflicts of interest.

(b) Legal basis

2.2  The collection and processing of your personal data is based on the legal obligations binding the Company, explicit consent you have given to receive promotional information from us, as well as on the legitimate interest of the Company in managing and processing requests for information. When they are based on our legitimate interests, these interests do not appear to us to take precedence over your interests and fundamental rights and freedoms.

2.3  In addition, when processing health data, the Company complies with the data protection and privacy legalization. In particular, the processing of health data carried out is necessary for the purposes of preventive medicine, medical diagnosis, the administration of care or treatment, or the management of health services implemented by a health professional.

(c) How long do we keep your data?

2.4  Your personal data is kept by the Company for periods not exceeding those necessary for the purposes for which they are processed, taking into account the sensitive nature of the data processed, the applicable statute of limitations and the legal or regulatory obligations imposed on the Company. The retention periods are specified in point 2.6.

2.5  Beyond these periods indicated below your data will be regularly delated or anonymized unless it is necessary to keep them longer (i) to ensure compliance with legal, accounting and tax retention obligations, (ii) for the retention of evidence during the applicable limitation periods, (iii) for the exercise of our rights in the event of litigation or legal action throughout the period of the proceedings or investigation.

(d) Synthesis

2.6  The processing of your personal data can be summarized as follows:

(i) Applicable to patients

WordPress Responsive Table

 

In cases where the processing is for the purpose of managing clinical research studies in which you are enrolled, or for managing early and compassionate access authorizations, a patient study Informed Notice detailing data protection information in accordance with specific clinical research shall be provided to patients by the study doctor or investigator.

(ii) Applicable to HCPs:

WordPress Responsive Table

 

3. HOW DO WE COLLECT YOUR DATA?

3.1  We collect your personal data:

(i) If you are a patient

  • directly from you when you contact us for asking medical information in terms of our products or reporting any adverse reactions related to our products.
  • indirectly through your doctor to whom you require medical information or report any adverse effects relative to prescribed medical products, or who engages into our study research and acts as study investigator.

(ii) If you are a HCP

  • directly from the interactions with you during the conference, forums, webinar and any other medical events you participate.
  • directly from you in the event of medical information requests, inquires, collaborations, surveys, etc..
  • from publicly available sources including websites, social media, journals etc., and third parties such as Veeva System Inc.

 

4. WHO DO WE SHARE YOUR DATA WITH?

4.1 If necessary, we may forward your personal data to the following recipients:

  • Our affiliates;
  • Our business partners and selected service providers or vendors, such as distributors, our technical service providers for hosting, archiving and telephone permanence, Clinical Research Organization for management of clinical studies;
  • Our legal advisers and/or lawyers and those of purchasers in the context of restructuring operations, divestments, mergers, and acquisitions or litigation;
  • Government entities and administrations authorised to access and/or obtain your personal data, and in particular the Ethic Committees, the local regulatory agency for approval of clinical trials and researches and for the medicinal products registration, the competent authorities for transparency requirements, the regional pharmacovigilance centers, the European database of adverse reaction reports that may be related to the use of medicinal products;
  • The courts and tribunals of the judicial order in case of litigation involving you;
  • Law enforcement authorities in the event of the observation or suspicion of the occurrence of an offence involving you in accordance with or as required by applicable law;

 

4.2  In the event of a restructuring, divestments, or merger (including reorganization), we may transfer your personal data to a third party involved in the transaction (for example, a purchaser) in accordance with applicable data protection legislation.

5. HOW IS THE OUTSOURCING OF YOUR DATA MANAGED?

5.1  We take appropriate steps to ensure that our contractors process your personal data in accordance with applicable data protection legislation.

5.2  These measures include the signing of a data processing agreement which requires processors, among other things, to process your personal data only on our instructions, not to engage a second-tier processor without our consent, to take appropriate technical and organizational measures to ensure the security of your personal data, to ensure that the persons authorised to access the data are subject to confidentiality obligations, to return and/or destroy your personal data at the end of their assignment or contract, to undergo audits and to provide us with assistance in following up on your requests to exercise your rights in relation to your personal data.

6. ARE YOUR DATA TRANSFERRED OUTSIDE THE EUROPEAN ECONOMIC AREA?

6.1  Your data may be transferred outside the European Union to the countries or regions where our affiliates operate or in which we engage authorized subcontractors, including in the US, in the fulfillment of processing purposes as stated in the section 2.1. We have controlled this transfer by implementing various legal and technical tools through standard contractual clauses ensuring a sufficient and appropriate level of protection of your data. We have also entered into appropriate contractual arrangements in accordance with applicable data protection legislation.

7. WHAT ARE YOUR RIGHTS?

7.1  In accordance with applicable data protection legislation, you have the right to access, rectify and delete your personal data, the right to object to or limit the processing of your personal data, the right to the portability of personal data and the right to define directives concerning the use of your personal data after your death.

WordPress Responsive Table

 

7.2  Please send us any request concerning your rights in relation to your personal data by email to dpo@serb.com. We will respond to your request as soon as possible and always within the time limits set out in the applicable data protection legislation. Please note that we may retain your personal data for certain purposes where required or permitted by law.

8. HOW DO WE GUARANTEE THE SECURITY OF YOUR DATA?

8.1  We take appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with your personal data. We follow industry best practices to ensure that personal data is not accidentally or unlawfully destroyed, lost, altered, unauthorized disclosure or access.

9. QUESTIONS AND COMPLAINTS

9.1  If you have any questions or complaints concerning the processing of your personal data by the Company, please contact our data protection officer by email at dpo@serb.com.

9.2  You have the right to submit a complaint before the competent supervisory authority in your location regarding the processing of your personal data, please consult the contact details of the Data Protection Authorities here.

You can also reach out to the following authorities in the countries where our entities operate:

WordPress Responsive Table

 

10. MISCELLANEOUS

10.1  This Policy is current effective as of March 1, 2024. The Company reserves the right to update this Policy at any time. If we make changes to this Policy, we will notify you so that you are always aware of how we treat your personal data.

 

You are leaving the SERB.com global corporate website
This link will take you to a third-party website, the terms of use and the privacy policy of which may be different. SERB declines all responsibility in that regard and in case of a breach of its privacy policy by the third-party website. Moreover, SERB is not responsible for any information or opinion contained in any third-party website.
Choose your region