The Dr. Franz Köhler Chemie GmbH, 64625 Bensheim, Germany (hereinafter referred to as “Dr. Köhler Chemie “, “us”, “our” or “we”) develops and distributes medicinal products available only on prescription and over-the-counter. As a pharmaceutical company, the Dr. Köhler Chemie has a legal responsibility and duty to monitor the safety of all products that we develop or place on the market worldwide.

Humans and animals exhibit different biological responses to drugs or medical products, and not all adverse reactions or events (side effects) associated with the use of drugs and medical products can be detected during the clinical development process – not even by the most extensive clinical trials. Tracking adverse events from global sources, as infrequent as they may be in absolute numbers, is of paramount importance during both the development and distribution phases.

Adverse event monitoring is called pharmacovigilance (“PV”). PV requirements allow us and the relevant regulatory authorities (for example, the European Medicines Agency and other agencies) to manage adverse events to protect public health and ensure high standards of product quality and safety.

Our pharmacovigilance obligations require us to process certain information that directly or indirectly identifies a natural person (“personal data”) from a patient and/or the reporter of an adverse event reported to us in order to comply with strict requirements to conduct ongoing benefit-risk assessments of products and to report suspected adverse reactions or events to the relevant regulatory authorities.

This Pharmacovigilance Privacy Statement (“Statement”) contains important information regarding the processing of your personal data for PV purposes in accordance with our obligations under applicable data protection laws, in particular the General Data Protection Regulation ((EU) 2016/679) (“GDPR”).

All personal data will be processed solely for PV purposes and only when relevant and appropriate to properly document, assess and report your adverse event in accordance with our pharmacovigilance obligations.

If you have any questions about this statement or the processing of your personal data, please contact us using our contact details at the end of this statement.

1. categories of personal data
We may need to process (including collect, store and further use) the following personal data:

1.1 About the patient

Name and/or initials of the patient,
Date of birth/age group, gender, weight, height.
Information about the patient’s health, racial or ethnic origin, sex life
Medical history and health status, e.g. Details of the product suspected of causing the adverse event, including the dose you were taking or prescribed, the reason for taking or prescribing the product and any subsequent changes to your usual therapy, details of any other medicines or agents you are taking or were taking at the time of the adverse event, including the dose you were taking or prescribed, the duration of taking the medicine, the reason for taking the drug and any subsequent changes in your therapy, details of the adverse event that affected you, the treatment you received for that event, and potential long-term effects that the adverse event has on your health, and any other information about your medical history that is considered relevant by the reporting party, including records such as laboratory reports, medication history and patient history.
1.2 About the reporter:

1.2 About the declarant:

Name,
Contact information (e.g., your address, email address, telephone number, or fax number),
Occupation (this information may affect the questions you are asked depending on your assumed level of medical knowledge about the adverse event), and
Relationship to the person concerned by the notification.
2. purposes of processing (“PV purposes”)
In the course of fulfilling our pharmacovigilance obligations, we may process your personal data in order to:

Investigate the adverse event,
contact you to obtain further information about the adverse event you have reported,
compare the information about the adverse event with information about other adverse events reported to Dr. Köhler Chemie GmbH and, on this basis, analyze the safety of a production batch, the product or the active ingredient as a whole; and
submit required reports to national and/or regional competent regulatory authorities to enable them to analyze the safety of a production batch, the product, the generic ingredient or the active ingredient as a whole together with reports from other sources.
3. Disclosure of Personal Data
As part of fulfilling our pharmacovigilance obligations, we may share and/or disclose personal data as follows:

Within the Company, to analyze and process a reported adverse event.
To the appropriate regulatory authorities, with respect to a suspected adverse event.
To third party service providers of the Company. These third party service providers may include, but are not limited to, security database service providers, call center operators, and, to the extent you provide details of your suspected adverse reaction to our market researchers, that particular market research service provider. Appropriate data protection safeguards are implemented at our service providers to whom we disclose personal data and who provide services on our behalf.
To other pharmaceutical companies acting as co-marketers, co-distributors or other licensing partners, where pharmacovigilance obligations for a product require such sharing of security information. Appropriate privacy safeguards are implemented at these business partners to whom personal data is shared and who provide services on our behalf.
When information about adverse events is published (for example, in the form of case studies and summaries); in these cases, all identifiers are removed from publications to keep your identity confidential.
4. security of your personal data
We have implemented appropriate and state-of-the-art technical and organizational measures to protect personal data processed for PV purposes, including security measures and procedures that limit access to personal data to those employees who need it to perform their job duties.

We implement physical, electronic and procedural measures to protect personal data from accidental loss, destruction, damage and unauthorized access, use and disclosure.

Where appropriate and reasonable, we process personal data in encrypted/pseudonymized form.

5. retention periods
We will use and store your personal data in accordance with mandatory legal requirements for storing and reporting pharmacovigilance information. Such mandatory requirements oblige us to archive PV information that may contain personal data for at least the duration of the product life cycle and for a further ten years after the medicinal product or medical device concerned has been withdrawn from the market.

6. legal basis for the processing of your personal data
Dr. Franz Köhler Chemie GmbH processes PV-relevant personal data, including special categories of personal data, in accordance with the GDPR

in order to comply with the applicable legal requirements under the applicable laws and regulations on pharmacovigilance and the legitimate interest in ensuring PV purposes (Art. 6 DSGVO),
taking into account that
PV EU or Member State law was adopted due to a substantial public interest in the field of public health and safety of medicinal products or medical devices (Art. 9 GDPR).

However, please note that these rights may be limited in order to comply with our legal pharmacovigilance obligations. Your rights are not fully applicable if there is a legal basis for processing your personal data. For example, we cannot delete information collected in the course of reporting an adverse event unless it is false. We may require you to provide reasonable proof of your identity before we will comply with a request to access or correct your personal data.
8. contact
For your concerns about data protection in connection with pharmacovigilance or data protection in general, please use our contact form or contact our Corporate Privacy Officer at the following address:

Dr. Christian Szidzek
info@thales-datenschutz.de

Further, general information on the protection of personal data can be found in our Privacy Policy.

Status: 19.12.2019