Merqurio Pharma Srl, with its registered office at Corso Umberto I,23 Naples, Fiscal Code and Business registration number 05460871212 (hereinafter referred to as “the Data Controller”), in its capacity as the data controller, informs you that, according with art. 13 of the D.L. n.16 of 30.6.2003 (hereinafter referred to as the “Privacy Code”) your data will be processed for the following purposes with the methods explicate below:

Object of the processing

The Data Controller processes identification (i.e. name, surname, address, fiscal code, mobile phone number) and sensitive (e.g. data pertaining health and drugs effects) data provided by you.

  1. Purposes of the processing

Your data will be processed for the Pharmacovigilance purposes sanctioned by the relevant national and EU regulations, for example:

  • Promptly identify previously unknown side effects and adverse reactions and assess their frequency and impact;
  • Monitor a drug safety in the day-to-day practice (Postmarketing surveillance);
  • recognize as soon as possible new adverse reaction to drugs (ADR);
  • expand and improve the body of information on suspected or already known adverse reactions;
  • Evaluate the advantages of a drug compared to other kinds of treatments;
  • Evaluate the causal correlation between the administration of a drug and the observed adverse reaction;
  • Discover possible drug interactions;
  • Evaluate data pertaining the spontaneous reports of ADR received and enter them in the company electronic log;
  • keep the logs and the archives of the documents pertaining pharmacovigilance;
  • Undergo or implement Pharmacovigilance Audits;
  • Fulfil the obligation to electronically submit (by E2B) ADR reports to the European Medicine Agency (EMA), by entering the data in the Eudravigilance system;
  • Comply with the regulatory requirement to alert the relevant authorities (e.g. Asl), to the subjects accessing the National Pharmacovigilance Network and to any entities that have to perform Pharmacovigilance activities, the information pertaining to ADR, to adhere to the regulations and ensure that the Drug have a positive risk-benefit profile.
  1. Methods of processing

Data handling is performed through the operation listed in art. 4 of the Privacy Code (collection, recording, organisation, keeping, interrogation, elaboration, modification, selection, retrieval, comparison, utilization, interconnection, blocking, communication, dissemination, erasure and destruction of data).  Your data are handled through paper or electronics means.

The Data Controller has adopted a wide variety of security measures to protect the Data against the risk of loss, abuse or alteration. In particular, the measures indicated by art. 32-34 of the Privacy Code;

The Data encryption technology established by the AES Standard (BCrypt) and the protected communication protocols HL7 and HTTPS; it adheres to ISO/IEC 27000, WG3 and WG4 Standard. Furthermore your Data are stored, in encrypted form, on Server situated on the EU territory. The Server have an advanced and daily back-up and disaster recovery system.

The Data Controller will retain the Data for the time needed to fulfil the purposes stated above and in any case for no more than 7 years.

  1. Access to data

Your data may be disclosed for the purposes stated in section. 2 to employees of the Data Controller in their capacity as data processors and/or system administrator and/or processing supervisors.

  1. Dissemination

Without your express consent (by art. 24 letter a, b, d, e, g and art. 26 letter b and d of the Privacy Code), the Controller, to comply with the obligations set by the regulation, would be able to communicate your data for the purposes stated in section 2 to the subjects accessing the National Pharmacovigilance Network and to any entities that have to perform Pharmacovigilance activities (i.e. AIFA, holders of an authorisation to place medicinal products on the market., Italian Regions, Pharmacovigilance offices in hospitals or research centers, relevant ASL). These subjects will process your Data as autonomous Data Controllers.

  1. Provision of data and consequences to the refusal to respond

The provision of data is discretionary. Therefore you can decide to provide them, allowing the Data Controller to process the for the purposes stated in section 2; Otherwise you can choose not to provide them, in which case we will forward the Pharmacovigilance report but only in anonymous form.

  1. Data subject’s rights

As the data subject, you are granted the rights established in the privacy code, and in particular: to obtain confirmation as to whether or not personal data concerning you exist, regardless of their being already recorded, and communication of such data in an intelligible form. To be informed of a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning the data controller, data processors and the representative designated a per Section5(2); e) of the entities or categories of entity to whom or tho which the personal data may be communicated and who or which may get to know said data in their capacity as designated representatives in the State’s territory, data processors or persons in charge of the processing; To obtain updating, rectification or, when interested, integration of the data; b) to obtain erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention in unnecessary for the purposes for which they have been collected or subsequently processed; c) to obtain certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless the requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected; to object, in whole or in part: a) on legitimate grounds (e.g. if the Contract is terminated), to the processing of personal data concerning  you, even though they are relevant ot the purposes of the collection; b) to the processing of personal data concerning you, where it is carried out for the purpose of sending advertising material or direct selling or else for the performance of market or commercial communication surveys by automated system such as email and/or fax and/or sms and/or traditional means such as telephone and/or post. Furthermore you have the rights granted by art.16-21 of EU regulations n. 2016/679 (right to rectify, right to be forgotten, right to limit the processing, right to data portability, right to object) and the right to lodge complaints to the lead supervisory authority.

Mechanisms to Exercise Rights

You are entitled to exercise your rights at any moment: by sending a registered letter with return receipt to ______________at the following address:_____________  by sending an email to _____________  or by calling the number______________.

  1. Data Controller, Data Processors and designated representatives

The Data Controller is  ______________. The Data Processor is _____________. The Data protection supervisor is ______________. An updated list of supervisors and representatives is available at the Data Controller headquarters in _________________.