Last updated June 20, 2022
Angelini Pharma UK-I Limited with registered office in 6th floor Napier House 24 High Holborn, London, United Kingdom, WC1V 6AZ, a company of Angelini Pharma Group (hereinafter “Angelini" or “Data Controller”), pursuant to the UK Data Protection Act (2018), the Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data (“General Data Protection Regulation” or “GDPR”) and other applicable data protection legislation, provides you with the following information on the processing of your personal data, in your capacity as users/browser of the website www.angelinipharma.co.uk (hereinafter the “Website”).
1. Data Controller and Data Protection Officer (DPO)
The Controller is Angelini Pharma UK-I Limited with registered office in 6th floor Napier House 24 High Holborn, London, United Kingdom, WC1V 6AZ, email: privacy.UK-I@angelinipharma.com.
The Controller has appointed a Data Protection Officer (DPO), who can be contacted directly at email@example.com.
2. Purposes of processing and legal basis for the processing
All personal data provided by you is processed in compliance with the provisions of the law in a correct, lawful and transparent manner for the purposes set out below and according to the following conditions of lawfulness (Legal basis for processing).
Purposes of the processing
Legal basis of the processing
Processing of your personal data for this purpose is necessary to the execution of a contract or to the execution of precontractual measures (here construed as the “legal relationship” established between yourself and the Data Controller, following your potential request).
The processing of your personal data for this purpose is a legal obligation.
The processing of “special categories of personal data” is necessary for reasons of public interest in the public health care sector, by way of guarantee of high quality and safety parameters in medicinal products and medical devices.
The processing of your personal data for this purpose is a legal obligation.
3. Categories of data processed
The Data Controller will process the following categories of your personal data:
- in the event that you should submit communications or requests to Angelini, your personal data necessary to the correct management of your communication or request (in particular, name and surname, postal address, e-mail address and telephone number) and any other personal data you may include in your message;
- if you should make any reports in relation to pharmacovigilance, the data necessary to comply with the related legal obligations assigned to the Data Controller. More specifically, as “reporting party”, as a guarantee of the exactness and pertinence of data and its verifiability for the purpose of the scientific assessment of the reports: e-mail address or telephone number, to obtain, if necessary, additional information with respect to that already communicated (“follow-up”); and, in order to manage the report correctly, any classification as medical-health care professional (for example doctor, dentist, nurse, pharmacist, medical examiner) or type of non health care professional, such as patient, attorney or person in relation to the subject to whom the report refers (for example friend, relative, assistant). As the subject to whom the report refers (the “patient”): initials of name and surname, city and country of residence, age (or age range) and/or date of birth, gender, height and weight and data relating to sex life or which reveals racial or ethnic origin, health of the subject (medical history, any current or previous pathologies, pharmacological and non-pharmacological therapies, pregnancy, breast-feeding) “special categories of data”) concerned by pharmacovigilance obligations, in particular in respect of “Safety information” on the medicinal product, such as adverse reactions, special situations (abuse, overdose, improper use (misuse), therapeutic error, “off-label” use, occupational exposure), exposure during pregnancy or breast-feeding, with or without associated adverse reactions, lack of efficacy or suspected transmission of infectious agent through the medicinal product;
- all data necessary to comply with legal obligations (such as, for example, your contact data for communications required by the law or the authority).
4. Data source
Your personal data will be obtained by the Data Controller:
- directly from you and your interaction with us.
5. Nature of data conferral
The conferral of your personal data in order to manage your requests (purpose pursuant to paragraph 2, letter a) is mandatory to allow the Data Controller to process your communication: failure to provide such would make it impossible for you to receive a reply to your communication (in particular, to receive a response to a request you make for information or assistance).
Conferral of your personal data for pharmacovigilance (purpose pursuant to paragraph 2, letter b) and to comply with legal obligations (purpose pursuant to paragraph 2, letter c) is mandatory insofar as it derives from provisions of the law.
6. Processing methods
Data processing is carried out using both automated and non-automated tools, with logic strictly related to the purposes of the processing and, in any case, with methods and procedures able to ensure the security and confidentiality of the data.
7. Categories of personal data recipients
For the purposes indicated above (paragraph 2), your personal data may be communicated:
- to persons authorized by the Data Controller to carry out personal data processing operations (employees or collaborators of the Data Controller);
- to the data processors appointed by the Data Controller (suppliers of computer, technological and telematic services, Internet operators);
- to autonomous data controllers (to handle your requests: couriers and dispatch companies; for pharmacovigilance: national and European medicine and drug agencies, other pharmaceutical companies, including companies of the Angelini Pharma Group, bound to the Data Controller by license contracts and distribution agreements for pharmaceutical products or, in the case of transfer of marketing authorizations for the pharmaceutical product; to comply with legal obligations: public authorities).
Your data may also be transmitted in accordance with the law to tax authorities, police and judicial and administrative authorities, for the assessment and prosecution of crimes, prevention and protection from threats to public security, to allow the Data Controller to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
8. Data retention period
We store your personal data for a limited period of time depending on the purpose of processing. After the expiry of this period, your data will be permanently deleted or in any case rendered irreversibly anonymous.
Your personal data will be stored in accordance with the terms and criteria specified below:
- for the management of your requests (purpose pursuant to paragraph 2, letter a) for a maximum period of 7 (seven) years from the proper and comprehensive management of your request;
- for pharmacovigilance (purpose pursuant to paragraph 2, letter b) as long as the medical product is authorised and for at least 10 (ten) years after the marketing authorisation has expired;
- to comply with legal obligations (purpose pursuant to paragraph 2, letter c) for a maximum period of 7 (seven) years from when the calendar year ends during which the Data Controller has complied with the legal obligation, in order to document and be able to show correct compliance with the law (for example having correctly informed you of any security breaches that may have involved your data and the measures we took to address such situations).
For technical reasons, the termination of the processing and the consequent deletion of your personal data, or its anonymization, will take place within 30 (thirty) days from the terms indicated above.
This is without prejudice to cases where retention for a longer period is required for any litigation, requests by the competent authorities or under applicable law.
9. Transfer of personal data outside the UK/EEA
Your personal data may be transferred outside the UK/EEA to countries that offer an adequate level of data protection, as established in accordance with Art. 45 (UK) GDPR.
The transfer of your personal data outside the UK/EEA to countries that do not ensure adequate levels of protection will be performed only after conclusion between the Controller and the recipient of the data of specific agreements, containing safeguard clauses and appropriate safeguards for the protection of your personal data which are so-called "standard model clauses" specified in the regulations made by the competent authorities (such as the European Commission or the UK Secretary of State), or if the transfer is necessary for the conclusion and execution of an agreement between You and the Controller or for the management of your requests.
You can contact the Data Controller or the DPO at the addresses indicated above to request the complete and updated list of transfers to countries outside the UK/EEA, as well as find out about the specific guarantees adopted and request a copy if you want.
10. Rights of the data subject
As data subject, you have the right to:
- have confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to the data and related information (in particular, the purposes of the processing; categories of personal data processed; recipients or categories of recipients to whom the data have been or will be communicated; the period of retention of the data or the criterion for determining it; the existence of the right to rectify or erase the data or to limit or oppose the processing; the right to lodge a complaint with a supervisory authority; the origin of the data; the possible existence of an automated decision-making process, including profiling and, in such cases, significant information on the logic used and the importance and expected consequences of such processing for the data subject; the appropriate safeguards in case of transfer of personal data outside the UK/EEA), as well as a copy of such personal data, provided that this does not harm the rights and freedoms of others (right of access);
- obtain the rectification of your personal data, i.e. to obtain the correction, modification or updating of any inaccurate or no longer correct data, as well as to obtain the supplement of incomplete personal data, including by providing an additional statement (right of rectification);
- request the deletion of your personal data when these, in particular, (i) are no longer necessary with respect to the purposes for which they were collected or processed, or (ii) they have been processed unlawfully, or (iii) they must be deleted in order to comply with a legal obligation, or, finally, (iv) you have opposed their processing (see below "right to object") and there is no prevailing legitimate reason allowing the Data Controller to proceed with the processing in any case (right to be forgotten). Deletion may not be carried out if, in particular, the processing is necessary for the fulfillment of a legal obligation or for the establishment, exercise or defense of a right in court;
- obtain a restriction on the processing of your personal data, i.e. that the Data Controller retains such data without being able to use them. This right can be exercised only when, in particular, (i) the accuracy of the personal data is contested, for the period necessary for the Data Controller to verify the accuracy of such data, or (ii) the processing of the data is unlawful and a restriction on the use of the data is requested, instead of their deletion, or (iii) although the Data Controller no longer needs them for the purposes of processing, the personal data are necessary for you to ascertain, exercise or defend a right in court or (iv) you have objected to their processing (see below "right to object"), pending verification that the legitimate reasons of the Data Controller take precedence over those of the data subject (right to restriction);
- obtain from the Data Controller your personal data, processed on the basis of a contract, in a standard format, and that they are transferred, where technically possible, directly to a third party indicated by you (right to portability).
In addition, as data subject, you also have the right to object, this means to:
- object at any time, for reasons related to your particular situation, the processing of your personal data for opinion surveys. In this case, the Data Controller will refrain from any further processing of your personal data.
To exercise these rights, You may contact the Controller at any time, by writing to Angelini Pharma UK-I Limited with registered office in 6th floor Napier House 24 High Holborn, London, United Kingdom, WC1V 6AZ or by emailing us at privacy.UK-I@angelinipharma.com or by contacting the Data Protection Officer at firstname.lastname@example.org.
If You believe that your personal data has been processed unlawfully, You have the right to lodge a complaint with the data protection authority (the UK Information Commissioner’s Office). For more information, please consult the website of the UK data protection authority: https://ico.org.uk/make-a-complaint/.
The complaint can also be made to a data protection authority other than that of the UK, if said data protection authority is that of the state in which You have your habitual place of residence or of the place where the alleged breach took place.
12. Cookies and similar technologies
13. Links to other websites
The Website may contain links to third party websites.
Angelini cannot guarantee and accepts no liability for the contents and information provided by such third parties, the relevant completeness or accuracy, nor indeed in respect of the contents of the websites of said third parties and any products and services potentially supplied through said third party websites, nor in respect of the processing of personal data of users/browsers by said third parties.
This privacy disclosure applies to our Website only.
14. Changes to this notice
The constant evolution of our activities could lead to changes in the characteristics of the processing of your personal data described above. As a result, this privacy notice may be subject to changes and additions over time, which may also be necessary with regard to new legislation on the personal data protection.
The updated version of this privacy notice will be published on this page, indicating the date on which it was last updated. Please therefore refer to this page when accessing the Website.
Job code: UK484NP, Date of preparation November 2022