Pharmacovigilance Privacy Notice
As a pharmaceutical company, Jazz Pharmaceuticals plc and its corporate subsidiaries and affiliates (hereafter collectively “Jazz”, “we”, “us”) are legally required to monitor the safety of all Jazz products worldwide (also known as our pharmacovigilance obligations). To comply with our pharmacovigilance obligations and in the interest of protecting patient safety, we are obliged to collect and process personal data (i.e. information that directly or indirectly identifies a natural person) from individuals who experience and/or report an adverse event (meaning an unfavourable, untoward or unintended event following the use of our products, whether or not considered associated with the treatment).
This Pharmacovigilance Privacy Notice is intended to provide you with important information regarding how we collect, share and use your Personal Data for pharmacovigilance purposes and how you can exercise your privacy rights under applicable privacy and data protection laws and in particular the EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”).
For the purposes of European data protection laws, we are the controller of your personal data.
1. How do we collect your personal data?
Any personal data which we process is provided to us either by you directly, from a health care professional reporting an adverse event on behalf of a patient or via a third party (e.g. pharmacy, regulatory agency, distributor, market research agencies, etc).
2. What personal data do we collect about you?
We will only collect the minimum data required for the purposes of fulfilling our pharmacovigilance obligations.
(a) About the patient
Personal information includes, but is not limited to:
- Patient ID/Initials
- Contact Details (if patient is the Reporter)
- Social Media Handle
- Date of Birth
- Age/Age Group at Onset
- Ethnic Origin
- AE information including:
- Suspect Drug
- Concomitant Medications
- Hospitalisation details relevant to the AE
- Medical History
- Reporter Name
- Contact Details
- Social Media Handle
- Professional qualifications
- investigate the adverse event;
- contact reporters for further information about the adverse event reported;
- collate the information about the adverse event with information about other adverse events received by Jazz to support safety monitoring of the product; and
- provide mandatory reports to national and/or regional competent regulatory authorities.
- Request access to your personal data, and request a copy of the data we hold;
- Rectify any information we hold if it is incorrect;
- Request data portability- to transfer data we hold about to you to another party;
- Request the restriction of processing your personal information (unless this request conflicts with our legal obligations);
- Request the deletion of your personal data. Please note that we cannot delete information which was provided to us in relation to the reporting of an adverse event; and
- Complain to your national data protection supervisory authority.
(b) About the reporter
3. Why do we collect your personal data?
Pharmacovigilance regulations were put in place to protect Public Health. It requires pharmaceutical companies to collect safety information related to their products and investigate any reports of adverse events that they receive.
As part of meeting our pharmacovigilance obligations, we may process personal data to:
We will only use personal data collected for pharmacovigilance for this purpose.
4. Legal basis for processing your personal data
Jazz process personal data collected for pharmacovigilance to comply with its legal obligations to monitor and report adverse events and for reasons of public interest and public health.
5. Who do we share your personal data with?
Personal data provided as part of an adverse event report are shared within Jazz on a worldwide basis through the Jazz Global Safety Database. The Jazz Global Safety Database is validated and tested periodically to ensure appropriate security and access to the system is restricted to authorised personnel only.
Jazz is also obliged to transfer adverse event data to regulatory authorities such as the European Medicines Agency, the US Food and Drug Administration, and any other national regulatory authorities for their databases including the European Medicine Agency’s EudraVigilance database. Any names and contact details of patients are hidden, meaning that only information on age/age group, date of birth and gender is transferred in addition to the information concerning the reaction and the health of the patient.
Jazz may also disclose your personal data:
(i) to pharmacovigilance service providers (e.g. safety database providers, call centre operators);
(ii) to any third party that acquires, or is interested in acquiring, all or part of Jazz’s assets or shares, or that succeeds Jazz in carrying on all or a part of its business, whether by merger, acquisition, reorganization or otherwise; or
(iii) as required or permitted by law, including to comply with a subpoena or similar legal process or government request, or when Jazz believes in good faith that disclosure is legally required or Jazz has a legitimate interest in making a disclosure, such as where necessary to protect Jazz’s rights and property.
Adverse event information may also be published in case studies. In such situations any identifying information will be removed from the publication to ensure complete anonymity.
6. International Transfers of Personal Data
Jazz may disclose your personal data to recipients (as described above) located outside of your country to a country which may not have privacy and data protection laws equivalent to those in your country. In such a case, Jazz will take all necessary steps to ensure the safety of your personal data in accordance with the applicable privacy and data protection laws.
Certain international recipients of your personal data may have signed special contracts with Jazz to provide legal protection for your transferred personal data (e.g. “Standard Protection Clauses”).
Jazz’s affiliate, Jazz Pharmaceuticals Inc. (“Jazz US”) complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (the “Privacy Shield”) and has self-certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”). Jazz US commits to subject all personal data received from the EEA and Switzerland under the Privacy Shield, to the Principles. To learn more about the Privacy Shield program, and to view Jazz US’ certification please visit http://www.privacyshield.gov.
You can request further information using the contact details below.
7. How long will we keep your personal data?
Adverse event and safety information for Jazz’s products, which may include personal data and related correspondences, are retained at least for the duration of the product life-cycle and for an additional twenty-five years after the product has been removed from the market in accordance with our Record Management Policy.
8. Your Rights
You have certain rights under applicable privacy and data protection laws, which may be subject to limitations and/or restrictions. These include the right to:
Please be aware that there may be limitations to your rights if they interfere with our legal pharmacovigilance obligations. For security reasons you may be required to provide adequate identification before we are able to action any of your rights.
In order to exercise any of your rights please contact us using the contact details provided below.
9. Contact Us
All your requests, inquiries or complaints regarding this Privacy Notice or relating to the processing of your personal data including all requests as detailed in the Section, ‘Your Rights’ above, should be sent in writing to Jazz’s Data Protection Officer at the following address: Jazz Pharmaceuticals, Data Protection Officer, 84 Quai Charles de Gaulle, 69006 Lyon, France or by email at: email@example.com.