Privacy Notice

1. Addmedica and your privacy

For the purposes of this Notice, « Addmedica » means Addmedica (SAS, with registered address 16 rue Montrosier, 92200 Neuilly-sur-Seine, and Trade Register n° Paris 484 059 480).

This privacy & data protection notice (“Notice”) describes Addmedica’s practices to ensure an adequate protection of personal data, i.e. any information relating to an identified or identifiable natural person, for all data processing carried out in the framework of its business and activities (“Personal Data”).

2. What is the scope of this notice?

This Notice applies to all processing activities that Addmedica is conducting towards the persons it deals with in its professional business activities. This includes in particular:

  • Patients and their relatives or close ones;
  • participants in clinical trials;
  • healthcare professionals;
  • users of our products and services, including websites and apps users;
  • representatives of our contractors and business partners;
  • representatives of the scientific community etc;
  • job applicants.

Specific consent forms and/or Specific privacy and data protection information notices (“Privacy Notice”) will, if necessary, be communicated to you regarding specific situations where Addmedica may process your Personal Data. These Privacy Notices shall describe in more detail how your Personal Data will be processed in relation with the processing in question. If the legislation of your country so requires, this Notice and/or Privacy Notices may be supplemented by local mandatory provisions, as the case may be.

Each Privacy Notice determines for what reasons (i.e. the purposes) your Personal Data is processed as well as the resources (i.e. the means) allocated to such processing.

3. Validity and evolution of this Notice

This Notice may be modified by Addmedica, from time to time, in particular to adapt its terms to evolutions or changes of applicable legislations and/or to Addmedica’s practices. Changes will be available on this page.If we make any material changes to this privacy Notice, we will notify you by updating the date of this privacy Notice and posting it on our site.

4. The purposes:

Addmedica will always collect your Personal Data for explicit and legitimate purposes.

Addmedica collects your Personal Data for the following purposes:

  • to carry out our business operations; carry out marketing and sales; respond to your requests; to keep track of our interactions and meetings, such as when you contact us for information and support;
  • to comply with legal or regulatory obligations that apply to Addmedica; monitor safety; manage adverse events; carry out prevention and investigatory activities; carry out administrative formalities, registration, declarations or audits;
  • to conduct research and development; carry out clinical studies, registries and trials; manage and validate the recruitment and participation of individuals to studies, trials and other operations; analyze demographic data; offer special programs, activities, trials, events or promotions via our services; carry out market or consumer studies;
  • to allow us to communicate with you; respond to your requests or inquiries; provide support for products and services; provide you with important information, administrative information, required notices, and promotional materials; send you news and information about our products, our services, our brands, our operations; organize and manage professional events and congresses, including your participation to such events;
  • to process payments we may need to issue in a specific situation; verify your financial data; facilitate further payments;
  • to offer donations and sponsorships;
  • to respond to legal requests from administrative or judicial authorities, in accordance with applicable laws; comply with a subpoena, required registration, or legal process;
  • to protect our rights and interests; protect the health, safety, and security of Addmedica personnel and premises; carry out internal audits, asset management, system and other business controls; manage business administration (finance and accounting, fraud monitoring and prevention); maintain the security of our services and operations; protect our rights, privacy, safety or property, to allow us to pursue available remedies or limit the damages that we may incur as necessary; to protect ourselves against possible fraudulent actions.

5. On what ground?

Addmedica will always process your Personal Data lawfully.

Depending on the data processing at stake, Addmedica will generally process your Personal Data on either one of the following legal basis:

  • your prior consent: where you have clearly expressed your approval of Addmedica’s processing of your Personal Data. In practice, this will generally mean that Addmedica will ask you to sign a document, or to fill-in an online “opt-in” form or to follow any relevant procedure to allow you to be fully informed and then either clearly accept or refuse the data processing envisaged;
  • a contractual relationship between you and Addmedica: in such case, the processing of your Personal Data is generally necessary to the execution or the performance of the contract; this means that if you do not wish Addmedica to process your Personal Data in that context, Addmedica may or will be obliged to refuse to enter into such contract with you or will not be able to provide the products or services covered in this contract;
  • legal obligations applicable to Addmedica’s activities; for instance, Addmedica is required to implement pharmacovigilance procedures to monitor adverse effects of marketed products, which generally involves the collection and retention of Personal Data;
  • the “legitimate interest” of Addmedica in the sense of applicable data protection law. In such a case, Addmedica shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.

Addmedica may, on a case-by-case basis, rely on other legal grounds, such as the protection of your vital interests, in accordance with applicable data protection law, as set forth in the applicable Privacy Notice.

6. Where does the Personal Data come from?

Addmedica will always collect Personal Data from trusted sources.

Addmedica may collect your Personal Data from different sources:

  • Data that you communicate to us through various media, through registrations, surveys or direct and indirect interactions with Addmedica. For example, data you provide to register to scientific events sponsored by Addmedica, to submit an online application, to send us a request for information, etc;
  • Data that we collect in accordance with applicable law from public sources available, including data that is published by you in all supports;
  • Data that we obtain legally from third parties, for example, when we may need to confirm contact or financial information or to verify licensure of healthcare professionals. In such case, we generally receive such Personal Data from third-parties that are authorized to do so in the framework of their own privacy and data protection policies or in accordance with the law. As applicable, we will inform you in the Privacy Notice of the identity of those third-parties and will invite you to refer to their privacy and data protection policies to inquire on the origin of such Personal Data and the condition of their collection.

7. About children Personal Data

While in some instances we may collect Personal Data about children with the consent of his/her parent or guardian for the provision of our services such as clinical activities or for patient support programs, we do not otherwise knowingly solicit Personal Data from, or market to, children. If a parent or guardian becomes aware that his or her child has provided us with personal information, he or she should contact us as described in the “How to Contact Us” section below. We will take steps to delete such information from our database in accordance with applicable legal requirements.

8. Who has access to Personal Data:

Addmedica will share your Personal Data only with authorized parties.

For the purposes described above, Addmedica may need to share your Personal Data with the following authorized third-parties:

  • Addmedica and its affiliates;
  • our partners (healthcare professionals and organizations, distributors, other members of the healthcare and pharmaceutical industry);
  • selected suppliers, service providers or vendors acting upon our instructions for website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, etc;
  • legal or administrative authorities, as required by applicable laws including laws outside your country of residence;
  • potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures.

Addmedica may need to share your Personal Data with other third-parties, in which case you will be duly informed through the applicable Privacy Notice.
In any case, Addmedica will require that such third-parties:

  • undertake to comply with data protection laws and the principles of this Notice;
  • will only process the Personal Data for the purposes described in this Notice; and;
  • implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your Personal Data.

9. Where Personal Data may be transferred:

Addmedica will ensure that transfers of your Personal Data outside EU are safeguarded.

Addmedica works with partners and subcontractors located in many countries around the world. For that reason, Addmedica may need to transfer (via access, visualization, storage..) your Personal Data in other jurisdictions, including from the European Economic Area to outside the European Economic Area, in countries which may not be regarded as providing the same level of protection as the jurisdiction you are based in.

10. Safeguards for international transfers of Personal Data:

In cases where Addmedica needs to transfer Personal Data outside the European Union, it shall ensure that adequate safeguards, as required under applicable data protection legislation, will be implemented (including, notably, the European Commission’s Standard Contractual Clauses, as applicable).

11. How secure?

Addmedica will implement security measures to protect your Personal Data.

We have implemented a variety of technological and organizational procedures and measures to ensure the integrity and confidentiality of your Personal Data from unauthorized access, use and disclosure. These measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

For instance, we store your Personal Data on servers that have various types of technical and physical access controls, which may include, for instance, if appropriate, encryption. We may also aggregate, pseudonymize or anonymize Personal Data to ensure that no personally identifiable information is communicated to third parties.

12. How long?

We will retain your Personal Data for no longer than necessary.

Addmedica will retain your Personal Data only for the period necessary to fulfill the purposes outlined in this Notice.

As an exception, Addmedica may be required to retain your Personal Data for longer periods as required or permitted by law, or as necessary to protect its rights and interests. In such a case, you will be informed of the intended retention period in the applicable Privacy Notice.

13. Your rights:

Addmedica will ensure that you can exercise your rights pertaining to your Personal Data.

You can exercise your rights as provided by data protection laws.
To that end, Addmedica informs you that you are entitled:

  • to have access upon simple request to your Personal Data – in which case you may receive a copy of such data (if requested);
  • to obtain a rectification of your Personal Data should your Personal Data be inaccurate, incomplete or obsolete;
  • to obtain the deletion of your Personal Data in the situations set forth by applicable data protection law (‘right to be forgotten’);
  • to withdraw your consent to the data processing without affecting the lawfulness of processing, where your Personal Data has been collected and processed on the basis of your consent;
  • to object to the processing of your Personal Data, where your Personal Data has been collected and processed on the basis of legitimate interests of Addmedica, in which case you will need to justify your request by explaining to us your particular situation;
  • to request a limitation of the data processing in the situations set forth by applicable law;
  • to receive your Personal Data for transmission from Addmedica to a third-party or to have your Personal Data directly transferred by Addmedica to the third-party of your choice, where technically feasible (data portability right allowed only where the processing is based on your consent).

If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” section below and we will take necessary steps to respond as soon as possible.

You may also file a complaint before a competent data protection authority regarding the processing of your Personal Data. While we suggest that you contact us beforehand, if you wish to exercise this right, you should contact directly the competent data protection authority.

https://edpb.europa.eu/about-edpb/about-edpb/members_en

14. How to contact us

Addmedica welcomes any questions or comments you may have regarding this notice or its implementation. Any such questions or comments should be submitted using the contact information: gdpr@addmedica.com

Specific Information Notice relating to Medical Information and Pharmacovigilance:

  • Processing Personal Data of Healthcare Professional:

We, Addmedica SAS (Trade Register n° 48405948000059, 16 rue Montrosier, 92200 Neuilly-sur-Seine), hereby inform you that for the purposes of complying with the applicable laws, we collect and process your last name/first name/contact details (Personal Data) in order to allow us to answer your medical questions and/or carry out pharmacovigilance (Purposes).

When the processing relates to medical information, Personal Data is processed for a period of 3 years after our last exchange with you for health authority inspection purposes.

When the processing relates to pharmacovigilance purposes, Personal Data is archived and processed for a minimum period of 10 years after the withdrawal of the marketing authorization.

We ensure the confidentiality of your Personal Data and will only disclose it to our authorized personnel and third parties involved in the Purposes within the limits of the applicable laws. In case Personal Data is stored outside the European Union, we shall ensure that our service provider complies with applicable laws. You have the right to request (i) access and/or (ii) rectification and/or (iii) erasure (only if applicable), and/or (iv) to obtain the portability of your Data Personal(only if applicable). To exercise these rights, you can contact us by email at the following address: gdpr@addmedica.com. You also have the right to lodge any complaint relating to these prerogatives to the national data protection authority of your country.

  • Processing of Personal Data of Patients:

We hereby inform you that in the context of non-promotional medical information and pharmacovigilance, and for regulatory purpose, we collect and process your initials, gender, age, medical history, relevant medical data, contact details (Personal Data) in order to allow us to answer your medical questions and/or carry out pharmacovigilance (Purposes).

In accordance with applicable laws, Personal Data are archived and processed for the duration of our exchanges and destroyed thereafter, except for pharmacovigilance purposes where your Personal Data are pseudonymized and shall thereafter be kept for a minimum duration of 10 years after the withdrawal of the marketing authorization.

We ensure the confidentiality of your Personal Data and will only disclose it to our authorized personnel and third parties involved in the Purposes within the limits of the applicable laws. In case Personal Data is stored outside the European Union, we shall ensure that our service provider complies with applicable laws. You have the right to request (i) access and/or (ii) rectification and/or (iii) erasure (only if applicable), and/or (iv) to obtain the portability of your Data Personal (only if applicable). To exercise these rights, you can contact us by email at the following address: gdpr@addmedica.com. You also have the right to lodge any complaint relating to these prerogatives to the national data protection authority of your country.

October 2022