Pharmacovigilance Data Privacy Policy

Last updated on April 25th, 2022

Ensuring patient safety is of paramount importance to Maths in Health and we take the safe use of our clients’ products (meaning and including medicinal products, medical devices and nutritional supplements) seriously.

This Pharmacovigilance Data Privacy Policy applies to the pharmacovigilance process as described below of Maths in Health B.V. (Rotterdam) and Maths in Health Inc. (Chicago) (“MiH” “we”, “us”, “our”), in charge of managing and maintaining the MiH Pharmacovigilance System, in order to fulfil legal tasks and obligations in relation to pharmacovigilance related to our clients in the pharmaceutical industry. Please read this Pharmacovigilance Data Privacy Policy carefully and contact us if you have any questions. For general information about data processing at MiH, please visit the Privacy and Cookies Policy.

This Pharmacovigilance Data Privacy Policy explains what personal information may be collected and processed about you in order for MiH to fulfil the legal requirements to monitor the safety of all products we market, directly or indirectly.

SCOPE OF THIS PHARMACOVIGILANCE DATA PRIVACY POLICY
This Pharmacovigilance Data Privacy Policy applies to information we collect from the person (“you”, “your”) reporting the adverse event, as described below, online, by phone, fax, e-mail, or post, as well as through any media or communication channel and voice recordings, if any, or as part of the adverse event reporting processes applicable to MiH clients. If you are a patient we may also be provided with information about you by a third party reporting an adverse event that affected you, such as but not limited to, e.g. our commercial and licensing partners, service providers, healthcare professionals or relatives to you.

WHY WE COLLECT INFORMATION
Information on adverse events is very important for public health and will be used for the detection, assessment, understanding and prevention of adverse effects or any other products-related problem. A pharmacovigilance system, including safety databases, is used to fulfil MiH’s legally binding obligations in relation to pharmacovigilance and to monitor the safety of products (meaning and including medicinal products, medical devices and nutritional supplements) and detect any change in their risk-benefit balance. The purpose for processing the personal data about you, provided to document information on adverse events through the MiH patient safety reporting channels, is to enable MiH to maintain its pharmacovigilance system as required by applicable pharmacovigilance legislation (e.g. by the European Medicines Agency [EMA] and the US. Food and Drug Administration [FDA]) where MiH provides services for clients making medicinal products, devices, and nutritional supplements.

INFORMATION WE COLLECT ABOUT PATIENTS (SUBJECT OF THE REPORT)
We collect personal data about you when you, or a third party, provide us with information about you in relation to an adverse event that affected you. Where you are reporting the adverse event yourself, please also refer to the section below.

The personal data that we may collect about you when you are the subject of an adverse event report is: name or initials; age and/or date of birth and/or age group; gender; weight and height; details of the product causing the event, including the dosage you have been taking or were prescribed, the reason you have been taking or were prescribed the product and any subsequent change to your usual regimen; details of other products or remedies you are taking or were taking at the time of the event, including, as necessary and/or known, the dosage you have been taking or were prescribed, the period of time you were taking that product; details of the adverse event you suffered, the treatment you received or any measure taken for that event, any long‐term effects the event has caused to your health; and other medical history considered relevant to document the, such as lab reports, medication history and patient history.

Some of this information may be considered by law to be “special categories of personal data” (formerly known as sensitive personal data) about you. This includes any information that tells us about your health and may be ethnicity, religion, and sexual life, when strictly necessary.

This information is only processed where relevant and adequate to document your adverse event properly and for the purpose of meeting our pharmacovigilance requirements. These pharmacovigilance requirements exist to allow us and Health Authorities to diagnose, manage and prevent such adverse events from occurring in the future.

INFORMATION WE COLLECT ABOUT REPORTERS
As a service provider for clients in the pharmaceutical industry, MiH is legally required to ensure that adverse events are traceable and available for follow-up. As a result, we must keep information about the reporter (i.e. the person reporting the occurred adverse event) to allow us to contact him/her once we have received the report. The personal data that we may collect when you report an adverse event is your: name; contact details (which may include your address, e‐mail address, phone number or fax number); profession, and in case of healthcare professionals it may be asked also the clinic/institution name and address. All this information may determine any other further questions you could be asked about when you report an adverse event. It must be eventually defined the relationship between you and the subject of the adverse event.

LEGAL BASIS FOR PROCESSING
The legal basis for processing of the personal data is observance of MiH legal obligations in order to comply with specific pharmacovigilance legislation, in conjunction with the EU General Data Protection Regulation 2016/679 (“GDPR”) as well as any legislation enacted either by the European Commission or any European country for the purpose of implementation or adaptation of the GDPR; the Swiss Federal Act on Data Protection of 19 June 1992 and/or other country regulations in that are similar, equivalent to or that are intended to or implement and/or modify the laws that are identified in above.

HOW WE SHARE YOUR PERSONAL DATA
We may share your information with MiH affiliates, entities and third parties, including commercial and licensing partners and service providers who may assist MiH in pharmacovigilance processes, such as receipt and follow-up of reported adverse events, reporting to Health Authorities as set forth by the applicable law and signal evaluation. All these companies agree to process your personal data in accordance with this Pharmacovigilance Data Privacy Policy. We are also obligated to submit the data to worldwide Health Authorities, as applicable by law, for their databases, to manage and analyse information on adverse events.

If ownership or control of the MiH or all or any part of our products, services or assets changes, we may transfer your personal data to any new owner, successor or assignee, in which case we would require the new owner, successor or assignee to treat your personal data in accordance with this Pharmacovigilance Data Privacy Policy.
Also, personal data may be disclosed to a third party such as a Health Authority, in case we are required to do so because of an applicable law, court order or governmental regulation, or if such disclosure is otherwise necessary in support of any criminal or other legal investigation or proceeding here or abroad. MiH will never disclose the collected data for commercial purposes.

TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA
Some recipients of Personal Data, as stated above, may reside outside the European Economic Area (EEA). The level of legal protection for personal data is not the same in all countries and may not provide the same level of protection as the data protection laws in the EEA or of the country in which you live, in such case MiH will take reasonable efforts and security measures to keep your information secure and to ensure that the transfer takes place in accordance with this Pharmacovigilance Data Privacy Policy and applicable laws. You may contact us at privacy@mathsinhealth.com if you have any questions about the methods we use to safeguard any personal information transferred outside the EEA.

RETENTION OF PERSONAL DATA
MiH is required to store all information including the personal data regarding safety of products for at least ten years after the end of the expiration of the marketing authorisation or longer if required by local legislation.

INFORMATION REGARDING YOUR RIGHTS
Individuals in the EEA have certain data subject rights which may be subject to limitations and/or restrictions. These rights may include the right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to processing of their personal data; and (iii) the right to data portability.
If you wish to exercise one of the above-mentioned rights, please send us your request via email to: privacy@mathsinhealth.com. Individuals may also lodge a complaint about the processing of their personal data with their local data protection authority, according to the applicable law.

SECURITY
MiH takes precautions to ensure that personal data collected for pharmacovigilance purposes is protected and that the processing is in accordance with applicable data protection rules, consistent with generally accepted industry standards, including technical, administrative and physical safeguards to protect the personal data submitted to us from loss, misuse and unauthorised access, disclosure, alteration, and destruction.

Access to safety data systems is restricted to named individuals and any changes to data can be identified.

Any hard copies of documents are stored in a secure and robust area such as fireproof cupboards or archives to which access is limited.

CHANGES TO THIS PHARMACOVIGILANCE DATA PRIVACY POLICY
We may update this Pharmacovigilance Data Privacy Policy from time to time. In case of material changes (meaning any changes that materially affect your rights), a temporary notice will be published on the website.

CONTACTS
Should you have any further question on this Pharmacovigilance Data Privacy Policy you may send an email to  privacy@mathsinhealth.com