Personal data protection policy in relation to pharmacovigilance

GAP, hereinafter referred to as “GAP” or “Company” or “we” (46, Agisilaou, PC 17341, Athens, Greece, tel: 210-9310980-4) processes your personal data for the purposes described below, acting as a data controller.

The purpose of the present Personal Data Protection Policy in relation to Pharmacovigilance (hereinafter referred to as “PV or PhV Policy”) is to inform you about how your personal data that is subject to processing for pharmacovigilance purposes is protected, as well as about your rights.


What is Meant by Pharmacovigilance?

Pharmacovigilance (PV or PhV) is the set of processes of reference and monitoring of adverse medicine effects for the purpose of detecting, assessing, understanding and preventing or limiting the risk of adverse effects and the overall testing of their safety.

Scope of Application

The PV / PhV Policy applies to the personal data processing taking place within the PV, ie. in the context of the obligations of monitoring the safety of medicines produced, marketed or distributed by us.

Sources and Time of Collection of your Personal Data

We collect your data during our communication per telephone or post (electronic or paper). In case of sickness at the time of contact, we may receive information concerning adverse effects also from relatives or other close relatives following their actions.

The Categories of Personal Data we Collect

In the context of the present processing we collect the following personal data categories:

  • Name and contact details (optional)
  • Age
  • Gender
  • Side effects of the medicine recipient
  • Health data to help assess the incident (ie. medical history, concomitant medications)

In your report and in particular concerning the adverse effects, you are kindly requested to provide us with accurate and complete information so that we can assess and use them properly in the context our processing purposes.

In case you do not wish to have your name and contact details registered, we fully respect your wish. However, we shall inform you that we treat the other categories of data that you provide to us as personal data, considering that this is required by law and in order to ensure a high level of protection.

Purposes of Processing

In the framework of PhV, GAP processes your personal data mentioned above for the following purposes:

  • To ensure compliance with the obligations arising from the legislation pharmacovigilance [indicative: Law 96/1973, Ministerial Decision D3(a)/14709/21.3.2018, Ministerial Decision 3a/ Γ.Π. 32221/2013, Directive (EU) 2017/1572, Regulation (EU) 536/2014, Regulation (EU) 2017/1569].
  • To monitor the safety and improve the quality of the medicines we produce, market or distribute.
  • To ensure the smooth operation of the Company’s PV process.
  • To protect the commercial and business interests of our Company.
  • To provide you and healthcare staff with appropriate guidelines and information.
  • For the establishment, exercise and support of the Company’s legal claims.

The Legal Bases for Processing your Personal Data

Your data is processed under the following legal bases:

  • for the protection of your vital interests (art. 6 (1) (d) GDPR),
  • for your compliance with legal obligations with relation to PV (art. 6 (1) (c ) GDPR),
  • for the purposes of the legal interests pursued by the Company (art. 6 (1) (f) GDPR).

Considering that also special categories of personal data concerning you (health data) are processed, we inform you that the ban on processing is lifted in principle, because the processing is necessary for reasons of substantial public interest under Union and national law. (art. 9 (2) (g) GDPR) as well as for reasons of public interest in the field of public health (art. 9 (2) (i) GDPR).

How we Ensure the Security of your Personal Data

The Company implements appropriate organizational and technical measures for the security of your data, ensuring confidentiality, processing and protection against accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unlawful processing. Your data is stored in our Company (physical and digital data file).

The Personal Data Transfers we Proceed to

In the pursuit of the above-mentioned processing purposes and to the extent necessary, our Company transfers your personal data to cooperating companies, which perform processing on its behalf, following conclusion of the necessary processing agreements with them.

We also reserve the right to disclose the above data to the competent healthcare authorities (e.g. EOF) to the extent required for the compliance with obligations arising from applicable law.

In the above cases we do not transfer your name or contact details, but only the other personal data categories.

In any case, no automated decision-making is performed.

How Long your Data is Kept

We retain the above personal data for as long as is required to serve the processing purposes during the period the product approval is valid and for a maximum period of ten years after the expiry of the marketing authorization, in accordance with Commission Implementing Regulation (EU) No 520/2012 of 19 June 2012 on the performance of pharmacovigilance activities provided for in Regulation (EC) No 726/2004 of the European Parliament and of the Council and Directive 2001/83/EC of the European Parliament and of the Council.

Your Rights

Regarding the personal data collected and processed by the Company within the framework of the PV, each data subject has the right to be informed and rights to access, rectification and restriction (as long as conditions of the legislation are applicable).

Your right to object and request deletion of your data is subject to restrictions due to the processing purposes and the legal obligations with which the Company is required to comply. In the present processing activity and due to legal bases for processing on which the processing is based, the right to data portability cannot be exercised.

We will make every effort to satisfy your request within one month of reception and will notify you in writing on its satisfaction-execution, or the reasons that prevent its satisfaction. The deadline can be extended for another two months, following notification, in case we receive a large number of requests or for reasons related to their complexity. The requested information is provided by the Company, not at your own expense, unless the requests are recurrent, in which case you may incur a reasonable cost for getting response.

You can file a complaint before the Personal Data Protection Authority at any time (1-3 Kifissias, 11523 Athens, [email protected]), if you consider that the processing of your personal data by the Company infringes your rights.

How you Can Contact Us

For any information or request regarding this data protection policy and the exercise of your rights you can contact the Data Protection Officer (DPO) of our Company via email ( [email protected] ) , or per post to the following address: 46 Agisilaou, PC 17341, Athens, Greece.

Scroll to Top