Privacy policy


PRIVACY POLICY

INTRODUCTION

Gedeon Richter Polska Sp. z o.o. (hereinafter referred to as the “Company“) is committed to protecting the privacy of visitors to website and undertake to protect their personal data. This information relates to the processing of personal data collected by the Company and coming from the users of our website (collectively referred to as “Data Subjects“) and describes the principles of collection, transfer, processing, use and security practices associated with the website. Prior to using the Service, each User should read this Privacy Policy.

DATA CONTROLLER AND DATA MANAGEMENT

The controllers of personal data processed within the website is  Gedeon Richter Polska Sp. z o.o. with its registered office in Grodzisk Mazowiecki, ul. Ks. J. Poniatowskiego 5, 05-825 Grodzisk Mazowiecki. Your data are protected in an appropriate way and in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR; Polish: RODO).

DATA PROCESSING

The Company may collect information about Website Users, such as information about the devices and IT systems used by the Users, IP addresses, locations etc. The data collected by us within the framework of Website operation is mainly intended for statistical purposes and more effective management of the contents of our website, development of the level of service or contents of the Website, providing the users with some guidance tips, useful information as well as information about products and services.

The Company may also collect and process personal data of Website Users to the extent necessary to achieve the objectives specified below.

We process the Users’ personal data in order to be able to provide you with the services you need. These objectives include:

(i) to process your requests via our website (the “Website”), to respond to your queries and requests;

(ii) to publish job advertisements on our website and administering job applications from potential employees;

(iii) to provide a channel of communication for the reporting of adverse reactions in relation to pharmacovigilance (hereinafter jointly referred to as the “Services”).

The personal data collected from Data Subjects are processed by our employees, protected against unauthorised access and used by us for lawful and justified purposes of providing our services, including:

  • identification of Data Subjects who use our Services;
  • tracking the status of your applications;
  • sending personalised messages to you;
  • sending administrative messages and other information regarding your ability to use our Services;
  • research and development of our Services, including for the purposes of web analytics and statistics;
  • prevention of fraud and abuse, and ensuring the security of communications on our Website;
  • providing you with technical support; handling complaints; and enforcing our Terms of Service and Privacy Policy.

We may also periodically process your personal information for other purposes after we have communicated such intention to you – as long as such purposes are directly related to and consistent with the purposes set out in the Privacy Notice.

LEGAL BASIS FOR DATA PROCESSING

Unless otherwise indicated in this Privacy Notice, the processing of your personal data is voluntary and based on your voluntary consent. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of the consent given before the withdrawal. Failure to provide us with the required personal data may result in our inability to provide you with our Services.

With regard to the transmission of information on adverse reactions, the legal basis for the processing is Article 24(1)(a), (b) and (c). 1 point 2 of the Act of 6 September 2001 (Pharmaceutical Law – Journal of Laws 2016 item 2142).

WHAT TYPE OF PERSONAL DATA CAN WE PROCESS?

In carrying out our activities, we process (collect) the following personal data about you for the purposes that have been specified earlier:

  • data of application of candidates for employment: if you are applying for employment with us, we will keep the following information: date and time of application, name, date of birth, place of residence, telephone number(s), e-mail address, name of previous employer, duration of previous employment relationship, previous positions, jobs and their descriptions, qualifications, studies, education, title/degree, its type and date of acquisition, language knowledge, computer literacy, any other information voluntarily provided by the candidate (e.g. image, curriculum vitae, cover letter and expected monthly salary). This information is necessary to evaluate your experience and to make an recruitment decision. Access to this information shall be limited to an authorised employee of the Controller.
  • information on adverse reactions: we need this information to process, investigate and report adverse reactions to the regulator. Your report must contain the following data: the description of the adverse event; the date when the adverse event occurred; the data (name) of the reporting person; the initials of the patient; the patient’s sex or age; for professionals, the address of the place of business activity, the name of the medicinal product suspected of giving rise to the adverse reaction; additional information (e.g. other medicines used, co-morbidities, results of additional studies); the telephone number or e-mail address of the reporting person;
  • information about correspondence: We will keep records of correspondence with you, including complaints you have made, information about when the messages were read – in order to provide you with technical support and to handle complaints;
  • information about how our Website is used: information about how you use our Services on the Website, including search and preference behaviour, how you record your searches on our Website, and your browsing history. We use this information to research and improve the services we provide, and to identify areas in which we may need to improve the quality of our Services.

Our services are not intended to collect specific categories of personal data from Data Subjects, except for adverse reaction information (health data) for pharmacovigilance purposes and the data specified in application forms.

WHICH COOKIES DO WE USE?

Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with the right experience when you browse our website and to continuously improve it.

A cookie is a small file consisting of letters and numbers which we store in your browser or on the hard drive of your computer or mobile device (if you agree to it). The cookies contain information that is transferred to your computer’s hard drive or mobile device.

We can use the following types of cookies:

  • permanent cookies: are absolutely necessary for the operation of our Website. For instance, they include cookies that enable you to log in to secure areas of our Website. Cookies of this type cannot be disabled;
  • temporary (analytic) cookies: these allow us to recognise and count visitors at our Website and to observe how visitors navigate our Website when they use it. This allows us to improve the performance of our Website – for example, by ensuring that visitors easily find what they are looking for;
  • functional cookies: they are used to recognise you when you return to our Website. This allows us to personalise our content for you, to remember your preferences (e.g. your choice of language and region);
  • personalisation cookies: these cookies record your visit to our Website, the pages you have visited and the links you have clicked on. We will use this information to tailor our Website and the advertisements it displays to your interests. We may also share this information with others for the same purpose.

The Company is obliged to obtain your consent for the use of all types of cookies, with the exception of cookies necessary to enable you to use the Website. You may consent to this by allowing for the use of cookies in your browser. The default settings of web browsers generally allow the use and placement of cookies.

You can block a cookie by activating appropriate settings on your browser so that you can reject all or some cookies. However, if you set your browser to block all cookies (including the permanent cookies), you may not be able to view the content of the various areas of our Website. For more information about cookies and how to block or delete them, please visit www.allaboutcookies.org.

WHERE ARE OUR DATA STORED, AND WHO CAN ACCESS THEM?

Your personal data will be accessed only by authorised persons and authorised departments of the Company for whom the information will be necessary for the performance of their duties. We will not disclose your personal information to any third party, entity or organisation, except with your consent or when mandatorily required.

In the case of adverse reaction reports, such data are sent to lekalert@grodzisk.rgnet.orgc to the Company’s Medical Department, which will process the personal data or other data related to the adverse event as the sole data controller.

Once we have a confidentiality agreement or non-disclosure agreement in place, we may employ third parties to process your information as part of our service provided to you.

FOR HOW LONG ARE THE PERSONAL DATA STORED?

We retain your personal data for as long as we need them for the purposes for which they are processed (collected), except where we are required by applicable laws to process your personal data for a longer period of time.

We will delete the collected personal data if:

(i) you withdraw your consent to the processing of your personal data and there is no other legal basis for the processing of such data;

(ii) if you object to the processing of your personal data and there is no legitimate ground for rejecting your objection, or if you object to the processing of your personal data for the purposes of direct marketing;

(iii) the personal data must be deleted in order to comply with a legal obligation on the part of the Company.

The data shall not be deleted to the extent that their processing is necessary to enable the Company to fulfil their legal obligation to process data by the Company or to perform public interest tasks or to perform public tasks entrusted to the Company (if any); to archive in the public interest, for scientific or historical research or statistical purposes; or to establish, pursue or defend legal claims of the Company.

The data included in the job applications of candidates for employment are stored for the time necessary to close the recruitment process in the Company – except for the situation when you agree to our storing your personal data for the purpose of possible future recruitments.

ARE THE DATA TRANSFERRED OUT OF THE EUROPEAN ECONOMIC AREA?

We do not transfer your personal data to countries or territories outside the European Economic Area.

HOW DO WE CARE FOR THE INTEGRITY OF PERSONAL DATA?

We take all reasonable steps to ensure that the personal data we keep are accurate. We ask you to keep your personal information up to date and to inform us of any changes.

HOW DO WE PROTECT PERSONAL DATA?

We will take all necessary steps to ensure the security of your personal information and to prevent any unauthorised or accidental access, collection, use, disclosure, copying, modification, disclosure, erasure or any other unauthorised use. It should be borne in mind that the electronic transmission of information is never entirely secure.

WHAT RIGHTS AND LEGAL MEASURES ARE YOU ENTITLED TO?

You have the right to delete, update, mark or block personal data that is incomplete, incorrect, incorrect or outdated. Each User is also entitled to access their personal data and revoke their consent to the processing of personal data for the future. However, this may result in not being able to use the functionality of the Website. If you believe that any personal information we store is incomplete, incorrect or outdated, you may contact us and we will make the necessary amendments immediately. We will also take all reasonable steps to ensure that the personal data we hold are accurate. You may request that we delete your personal information, but we may have a legal obligation to retain such information and not to delete it (or to block it or mark it for a certain period of time, in which case we will only process your request for deletion after we have done so).

You have the right to know what personal data related to you are being processed. We will respond to such a request as soon as possible and no later than 30 (thirty) days after the request is made. We may ask for additional information to allow us to verify your identity. You have the right to object to the processing of your personal data if the processing or transfer of your personal data is necessary only for the performance of a contractual obligation, necessary to enforce our justified interest, the interests of the data recipient or of another third party (except when the processing is mandatory); and where permitted by law. You have the right to transfer your personal data as far as it is technically possible in a standardised format.

If you believe that your privacy or right for your data protection has been violated, you can contact the President of the Office of Personal Data Protection (Stawki 2, 00-193 Warszawa, tel. +48 22 531 03 00, email: kancelaria@uodo.gov.pl) or you may file a lawsuit against the Company (or against another data controller) in which you may also claim compensation for damages suffered as a result of unlawful processing of personal data or as a result of a breach of data protection requirements.

This Website may contain links to websites of third parties. We have no control over the linked sites and we are not responsible for the privacy practices of such sites.

HOW CAN YOU CONTACT US WITH QUESTIONS ABOUT THIS MESSAGE?

Any information on queries and applications concerning the data protection and the execution of rights submitted by Data Subjects is provided by the Company’s employee at the following e-mail address: RODO@grodzisk.rgnet.org. Please submit your queries by post or in person at the registered office of the Company.