At Ferring, your privacy is important to us and we are committed to ensuring our data protection practices adhere to applicable European and local national data protection regulations.
This Pharmacovigilance Privacy Notice describes how Ferring collects, holds and processes personal data to fulfil our duty to monitor the safety of all Ferring medicines, also known as our pharmacovigilance obligations. This Pharmacovigilance Privacy Notice also describes the ways in which we will ensure your personal data is protected in accordance with the applicable regulations.
- Why do we collect your personal data?
- What personal data do we collect about you?
- What do we use your personal data for?
- Which is the legal basis for processing your personal data?
- With whom do we share your personal data?
- Where will the personal data be held and will it be transferred to another country?
- How do we ensure the security and protection of your personal data?
- What are your rights?
- How to contact us
Why do we collect your personal data?
For the purpose of safety (pharmacovigilance) reporting, Ferring is legally obliged to collect specific personal data in relation to individuals who use our products.
When you, your doctor or a third party provide Ferring with information on an adverse event experienced with the use of our products, we collect and process personal data where relevant and necessary to document the adverse event properly and to meet our pharmacovigilance obligations. These obligations exist to allow Ferring and regulatory authorities to manage adverse events and make efforts to prevent similar events from happening in the future.
What personal data do we collect about you?
The personal data that we may collect about you when you are the subject of an adverse event:
- Name and/or initials
- Age and date of birth
- Weight and height
- Details of the product causing the adverse event
- The reason why you have been taking or were prescribed the product
- Details of other medicines or remedies you are taking or were taking at the time of the reaction
- The reason why you have been taking the other medicines and any subsequent changes in your medicines
- Details of the reaction you suffered, the treatment you received for that reaction, and any long-term effects the reaction has caused to your health
- Medical history considered relevant, including documents such as laboratory reports
- Additional information about your ethnicity, religion and sexual orientation if considered relevant for the use of the product and the reaction you experienced
The personal data that we may collect about you when you are the reporter of an adverse event:
- Contact details (which may include your address, e‐mail address, phone number or fax number)
- Profession (this information may determine the questions you are asked about an adverse event)
- Relationship with the subject of the report
If you are also the subject of a report, this information will be combined with the information you provide in relation to the adverse event. We will only collect the minimum data required for the purposes of fulfilling our pharmacovigilance obligations.
What do we use your personal data for?
Pharmacovigilance laws require us to collect information about the safety of our products. As a result, we must keep enough information to allow us to investigate adverse events and to request additional information. We will compare the information about the adverse event with information about other adverse events received by Ferring to properly analyse and assess the safety of the product(s) over time and to update the safety information available to patients, prescribers and regulatory authorities.
To do this, we keep the information for the period permitted by the applicable law.
Ferring will only use personal data collected for pharmacovigilance for this purpose and will not hold or process this data for any other purpose without notifying you in advance and/or obtaining the appropriate consent.
Which is the legal basis for processing your personal data?
Personal data is collected, handled and processed to fulfil pharmacovigilance obligations which serve as a legal requirement for public interest and public health reasons and therefore consent from data subjects prior to collection and processing is not required.
With whom do we share the information?
We share the information with regulatory authorities such as the European Medicines Agency, The US Food & Drug Administration and Medicines & Healthcare products Regulatory Agency in the UK, in accordance with national pharmacovigilance laws in the countries, where we market our product.
We may also share the information with other pharmaceutical companies, who are our co‐marketing, co-distribution or other license partners, where pharmacovigilance obligations for a product require such exchange of information. This means that your information will be shared outside of your country to countries that may have other requirements for data protection.
We may publish information about the safety of our products. We will remove identifiers from any publications, so that no individual can be identified.
We may also transfer data to a third party in the event of a sale, assignment, transfer, or acquisition of the company or a specific product or therapeutic area, in which case we would require the buyer, assignee or transferee to treat that personal data in accordance with applicable data protection law.
Where will the data be held, and will it be transferred to another country?
Our pharmacovigilance obligations require us to review patterns across adverse event reports received from all countries, where we market our products. To meet these requirements, information provided as part of an adverse event report is kept under secure conditions in the local Ferring office in the country/region of the report and is transferred to Ferring headquarters. Upon transfer, only the minimum data required is included. Any names and contact details of patients and reporter are hidden, meaning that only information on age/age group, date of birth and gender is transferred in addition to the information concerning the reaction and the health of the patient.
Any such transfers outside of the European Economic Area will be safeguarded by internal international data transfer agreements, to ensure that your personal data is protected in accordance with the applicable European and national data protection laws.
How do we ensure the security and protection of your personal data?
Ferring maintains a number of appropriate technical and organisational security measures to safeguard your personal data from unauthorised access, use, disclosure, accidental destruction or loss. For example, where appropriate, Ferring is committed to the encryption, anonymisation or pseudonymisation of personal data, and personal data will be stored securely in a designated system. Our internal policies and procedures are designed to prioritise and promote the protection of personal data.
While our data security measures are continually evaluated and updated, the security of data transferred via the internet from a computer or other device cannot be guaranteed and you are encouraged to take steps to protect yourself online and against unauthorised use of your passwords, and mobile devices, as well as installing the appropriate firewall, anti-virus and anti-spyware protections for your computer.
A non-exhaustive list of possible data incidents may include,
- a lost/stolen laptop
- an external hacker
- an email containing personal data sent in error
- information lost in transit
- documents left in unsecured location.
If you suspect any security compromise or detect vulnerabilities, it is essential to report these data incidents immediately by using the Data Subject Contact Form.
What are your rights?
If and when we collect, hold and process your personal data, you will be afforded specific rights as a data subject. Ferring will give effect to these rights in accordance with the applicable European and local national data protection laws and where pharmacovigilance laws permit. Your rights as a data subject are the following:
- Right to be informed: You have the right to know what personal data of yours is being collected, how long it is being used, how long it will be kept and whether it will be shared with any third parties.
- Right to access and rectification: You have the right to request a copy of the information we hold about you, as well as the right to request corrections of the personal data we hold if it is inaccurate. We may require you to provide proper identification before we comply with any request to access or correct personal data.
- Right to erasure and restriction of processing: For legal reasons, we cannot delete information that has been collected and processed as part of an adverse event report unless it is inaccurate. However, you may have the right to restrict the processing of your personal data, if, for example, you believe the data is incorrect.
- Right to data portability: you have the right to request a copy of the personal data we hold, as well as the right to request this data to be transferred to another controller. This right is subject to certain conditions and may not apply, for example, if not permitted for reasons of public interest, or is not technically feasible.
- Right to object: As the data collected as part of an adverse event report is processed for reasons of public health and interest, you cannot object to the use of the data.
- You have the right to contact or lodge a complaint with your local data protection supervisory authority.
If you would like further information about your rights as a data subject, please see the general Ferring Privacy Notice. In case you wish to submit a request in relation to a data subject right, please use the Data Subject Contact Form. We will respond to an incoming request as soon as possible.
Any changes to this Pharmacovigilance Privacy Notice will be communicated at the Ferring website. We recommend you consult our Pharmacovigilance Privacy Notice when revisiting our website to review any changes and to keep informed about our ongoing commitment to respecting the right to privacy and to providing the highest possible level of data protection.
How to contact us
Personal data submitted to Ferring is stored locally in the country of origin as well as in the Ferring global safety database on servers situated within the EEA. The servers are owned and maintained by Ferring Pharmaceuticals A/S, whose principal place of business is at Amager Strandvej 405, 2770 Kastrup, Denmark.
If you have any questions or comments regarding this Pharmacovigilance Privacy Notice please contact Ferring Entity and Ferring local mailbox in the country/region to where the data was initially reported.
In case you wish to:
- Report a data incident or suspected personal data breach,
- Submit a request to exercise your rights as a data subject, or
- Contact the Global Data Protection Officer with a general enquiry, please utilize the Data Subject Contact Form.
Alternatively, mail us to the following address:
(Att.: Data Protection Officer)
Ferring International Center S.A.
Chemin De la Vergognausaz 50
1162 St Prex
or, at the EU Representative for GDPR,
(Att.: Data Protection Officer)
Ferring International PharmaScience Center (IPC)
Amager Strandvej 405
This Pharmacovigilance Privacy Notice was last updated on 16-Feb-2022.