If you are a US resident, please click here: https://www.ipsen.com/us/privacy-policy/
If you are a UK or Ireland resident, please click here: https://www.ipsen.com/uk-ireland/privacy-policy/
Ipsen Pharma SAS and your local Ipsen entity (together “Ipsen”), with its headquarters based 65, quai Georges Gorse – 92100 Boulogne-Billancourt inform you that they operate a database including, in particular, the personal information you provide when reporting adverse events to Ipsen, in accordance with the applicable health legislation regarding pharmacovigilance, as well as medical information you request from Ipsen, in relation to the products they commercialize.
Ipsen Pharma SAS and your local Ipsen entity will be the data controllers with respect to their respective processing of such personal information.
The personal information collected only relates to the data that is indispensable for appreciation of the medical inquiry.
The data we collect and store about you in the database may include the following:
- Notifier’s identification data:
The Notifier is HCP: Notifier’s identification data (e.g. first name, last name, contact details, speciality);
The notifier is a patient: Patient’s identity (e.g. first and last name);
- Contact details of any HCP who can provide further information;
- Patient’s identification data (e.g. initials, age, date of birth, sex, weight, height);
- Patient’s health data: treatments administered, test results, nature of the adverse reaction(s), personal or family history, associated diseases or events, risk factors, information on the method of prescribing and use of the medicinal products and on the therapeutic conduct of the prescriber or health professionals involved in the management of the disease or adverse reaction;
- Patient’s family situation (e.g. information relating to ancestry and descent, conception, progress and outcome of pregnancy);
- Patient’s habits and behaviours (e.g. addiction, assistance, physical exercise, diet and exercise, dietary behaviour)
Hereafter “Personal data”
Purpose of personal data processing and the legal basis
The personal data we collect in relation to this privacy notice will be used only for the specific purposes:
- Meet Ipsen legal obligation to report adverse events to health authorities;
- Respond to medical information queries about our products
- Enable the prevention, monitoring, evaluation and management of adverse events of medical drugs.
The legal basis for processing the personal data collected in the context of pharmacovigilance and/or in the context of medical information is to meet relevant legal obligations and applicable health legislation.
If you provide us personal data of patient when you submit a medical information inquiry or a pharmacovigilance case, you undertake to provide the link to this Privacy Notice to the individual. Ipsen can ask you to prove that the link to this Privacy Notice has been provided to the individual.
The processing of special category data (e.g., health data) is necessary for reasons of substantial public interest.
To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect.
Information related to you will only be accessed by authorized employees at Ipsen.
Only Ipsen’s authorized employees should have access to the personal data processed, within the limits of their respective powers and responsibilities:
• Ipsen Pharmacovigilance Teams, the collaborators and agents involved in the process of managing Pharmacovigilance;
Ipsen Medical Information Teams, the collaborators and agents involved in the process of managing the medical information requested by you;
• Personnel of the audit department to verify compliance with regulatory requirements;
• Authorised personnel in charge of managing complaints.
May also be recipients of data necessary for the performance of their duties:
• Data Processors (Pharmacovigilance and Medical Information service providers) that acting on behalf and under the responsibility of Ipsen. The list can be accessed upon request.
• HCPs involved in the follow-up of the patient and HCPs or other professionals who can provide additional information.
As well as and with the exception of data directly identifying the person exposed to the undesirable effects:
• Third parties whose medicines, devices or products could be implicated;
• Notified bodies responsible for the evaluation of a medicinal product;
• Competent authorities.
Personal Data transfers
Your personal data may be processed by service providers or companies affiliated with Ipsen in non-EU countries which do not ensure an adequate level of protection to personal data. To ensure that your personal data are protected, Ipsen will, where necessary, ensure that the recipient will enter into data transfer agreements which include the EU Commission’s standard contractual clauses, or will adopt Binding Corporate Rules (BCRs) for transfers of personal data within the group of companies. Such contract or BCRs can be made available to you upon request.
However, the personal data processed in the context of pharmacovigilance may be transferred outside the European Union if it is strictly necessary for the implementation of the pharmacovigilance arrangements.
Your rights regarding your information
You may have the following rights regarding your information depending on the circumstances and applicable legislation:
|Right||What does this mean?|
|1. The right of access||You have the right to obtain access to the information processed by Ipsen.|
|2. The right to rectification||You are entitled to have your information corrected if it is inaccurate or incomplete.|
|3. The right to erasure||This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.|
|4. The right to restrict processing||You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.|
|5. The right to data portability||You have rights to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances.|
|6. The right to object||You have the right to object to certain types of processing, in certain circumstances.|
For more information on your rights, if you would like to exercise any of these rights you can contact us as follows:
You are not a patient please send us a Data Subject right request by completing this form.
You are a patient:
- In the context of pharmacovigilance:
You can contact the notifier in order to exercise your rights, however if you choose to contact Ipsen Global DPO directly, by sending an email to: firstname.lastname@example.org, you should be aware that your identity will be revealed to the Data Protection Officer.
- In the context of Medical Information:
You can exercise your right by sending an email to: GlobalMedInfo@ipsen.com, however if you choose to contact Ipsen Global Data Protection Officer directly, by sending an email to: email@example.com, you should be aware that your identity will be revealed to the Data Protection Officer.
If you are not satisfied with the response to your complaint or believe the processing of your information does not comply with data protection law, you can make a complaint to the relevant data supervisory authority.
Term of retention
- In the context of Pharmacovigilance:
your personal data will be kept in an active database for the duration of the current use of this data;
It will be then kept in intermediate storage for the legal or regulatory period applicable to each health check. In the absence of a legal or regulatory duration, your personal data will not be kept for more than 70 years from the date of withdrawal of the medicinal product from the market.
At the end of these periods, your personal data will be deleted or archived in an anonymised form.
- In the context of Medical Information:
The personal data will be kept for up to ten years and is in line with local regulations.
In no instance will your data be retained for longer than 10 years unless there is any legal or regulatory provision requiring otherwise.
How to contact us
If you have any questions or comments about this Privacy Notice, please feel free to email Ipsen’s Data Protection Officer at firstname.lastname@example.org.
If you are a patient, you should be aware that your identity will be revealed to the Data Protection Officer.