PRIVACY POLICY
Version 1.0
8 november 2022
- General information
Studio Pharma BV (hereinafter "Studio Pharma", "we", "us") offers a comprehensive package of regulatory services to the pharmaceutical and food industry.
Studio Pharma respects your privacy and strives to always treat your personal data with the necessary care and confidentiality. We hereby undertake to always comply with the General Data Protection Regulation ("GDPR") and other applicable regulations.
You will find all our relevant details below and can also contact us at any time using the contact details provided for further questions or comments regarding how we handle your personal data.
Name: Studio Pharma BV
Company number: BTW BE 0883.309.219
Address seat: Artemeersstraat 11, 9880 Aalter, BELGIUM
E-mail address: info@studiopharma.be
-
What is the scope of application of this Privacy Policy?
This Privacy Policy is only applicable when Studio Pharma is in charge of the processing of your personal data. This means that Studio Pharma acts as data controller and determines why and how your data is being processed.
‘Processing’ means any kind of data processing that could identify you as a natural person. Which specific data this may concern, will be explained in detail below. The concept of ‘processing’ is broad and includes for example the collection, storage, disclosure and distribution of your data.
This Privacy Policy is applicable on the processing of personal data by Studio Pharma from the categories of persons mentioned hereunder. For reasons of transparency and clarity, we will keep distinguishing between these categories of persons throughout the Privacy Policy, where relevant. Which data we process from you, the purposes for which we process your data, and other relevant elements are after all dependent on your relationship with Studio Pharma. The categories include persons who belonged to these categories in the past (e.g. former clients), and persons who may belong to these categories in the future (e.g. potential clients).
- visitors of our public website https://studiopharma.be/;
- our clients;
- our business partners, that assist us in operating our activities;
- staff candidates.
If one of the persons referred to above is a legal person, we still process data from our contact persons at these entities and the GDPR applies.
If we process personal data of other data subjects (e.g. patients, consumers, health care professionals, physicians, pharmacists), specifically does involved in the services we provide to our clients (e.g. pharmacovigilance services), we do this under instruction of our client and we do not act as a data controller but a data processor.
- What personal data do we process?
Below we clarify what personal data we may process from you. Depending on the specific situation, your preferences and the way in which you contact us, we may not process all of the data below.
General
From all our contacts we may process the data below:
|
Type of data |
Examples (non-exhaustive) |
|
If we use cookies: electronic identification and usage data (related to our own website) |
IP address, browser type, location data, by which route you arrived at our website, the type of device you use to visit our website, the web pages visited, the way you navigate on the web pages visited. This data is processed mainly through the use of cookies. |
|
Identification data |
A copy of your identity card (solely to verify your identity if you wish to exercise any of your rights as a data subject under the GDPR). |
|
Contact details and history |
Name, first name, address, email address, phone number, communications sent and received (e.g., email messages, messages sent via the contact form on our website, letters, etc.). |
Clients and business partners
From (contact persons of) our clients and business partners we may additionally process the following data:
|
Type of data |
Examples (non-exhaustive) |
|
Contact details and history |
See above. |
|
Payment and billing information |
Payment card details, bank account number, if you make payments to us or receive payments from us. |
|
Feedback |
Any feedback you may have, as a business partner, on our co-operation. |
Staff Candidates
Of staff candidates we may additionally process the following data. Of course, this will largely depend on what data you wish to provide us with in connection with your job application.
|
Type of data |
Examples (non-exhaustive) |
|
Contact details and history |
See above. |
|
Personal details |
Age, gender, date of birth, nationality. |
|
Work related data |
Curriculum vitae, education, certificates and credit lists, language skills, professional career, publications, portfolio. |
|
Personality Profile |
Motivation letter, hobbies, social activities, personality, interview notes. |
|
Audiovisual data |
Pictures and video recordings that you would provide to us in the context of your application. |
Special categories of personal data
Special categories of personal data are personal data relating to health, racial or ethnic origin, political opinion, religious beliefs, trade union membership, genetic or biometric data, sexual orientation/life, criminal conviction. In principle, we will not process special categories of data in our capacity as a data controller unless you provide it to us with your explicit consent. However, the processing of special categories of personal data, in particular health data, can occur when providing services to our clients. As mentioned before this type of data will then be processed in our capacity as data processor, not data controller and is therefore not subject of the present Privacy Policy.
We only process your personal data for legitimate purposes that are part of our organisation’s activities. The processing is always based on the legal grounds listed in the GDPR.
General
The processing steps below are potentially relevant to all of our contacts.
|
Processing purpose |
Legal basis |
|
Answering your question when you contact us, should this not be (or no longer be) part of an existing, former or potential future relationship with you as our client, business partner, or staff candidate, including when this is done through one of the forms on our website. |
Legitimate interest
|
|
Promoting the activities of Studio Pharma, by using your contact information to send newsletters or other marketing materials (to you, if you give your express consent to do so, via email or via the registration form on our website, or if it is possible based on our legitimate interests. You have the right to withdraw your consent at any time by using the unsubscribe link at the bottom of any such message you receive from us. You also have an absolute right to object to such processing, after which we must cease such processing. |
Consent |
|
Legitimate interest, if possible, after consideration. |
|
|
If we use cookies: to provide a website that functions properly on a technical level by using strictly necessary cookies, so that we can provide you with a safe and well-functioning website. |
Legitimate interest |
|
If we use cookies: the use of analytical cookies on our website to understand how you use our website, for the purpose of, among other things, detecting navigation problems, and making the website more user-friendly and attractive. |
Consent
|
|
If we use cookies: the use of marketing cookies on our website, for the purpose of implementing features on our website provided by social media. |
Consent |
|
Fulfilling our legal obligations as an organisation, such as data protection and tax/accounting obligations. |
Legal obligation |
|
To ensure the possibility of exercising or defending the interests of Studio Pharma in court, and to actually do so, if we believe that our interests are being harmed and legal proceedings are imminent (e.g., judicial collection of an unpaid invoice), or if legal action should be taken against us by a person who feels aggrieved by us (e.g., for defense if you would like to hold us liable for defects in the delivery of our merchandise or in our services). |
Legitimate interest |
Clients and business partners
From our business partners we process the personal data additionally for the following purposes:
|
Processing purpose |
Legal basis |
|
Entering into, performing or terminating the specific agreement with you as our client or business partner, fulfilling our pre-contractual obligations, managing our client relationship or relationship as business partners, communicating with you, paying the amounts we owe you as your business partner, or invoicing and collecting the amounts you owe us as a result of the cooperation. |
Necessity for the formation or performance of a contract.
|
|
|
Legitimate interest (for contacts at our business partner who are not a party to the contract) |
Staff Candidates
From our prospective staff, we process the data additionally for the following purposes:
|
Processing purpose |
Legal basis |
|
Assessing whether Studio Pharma wishes to enter into an employment or partnership agreement with you.
|
Necessary for the formation of a contract. |
|
Keeping for a maximum of 2 years the data you provided us with in the context of a job application, if you have an interesting profile, but we could not make you an initial proposal because a suitable position was not available. If a suitable position should become available, we will use your data to contact you again and gauge your interest in further discussions. |
Consent |
General
We will not transfer your data to third parties, unless this is necessary for achieving one of the aforementioned purposes, you give your consent for such transfer, or we are required to do so by law.
Where necessary we engage external service providers, so called “data processors”, to support our operational purposes such as providing our services, managing our IT systems or performing any other (internal) business processes such as the digital storage of our client files. These external service providers may perform certain processing activities on your data on our behalf. We will only share your data with these external service providers to the extent necessary for the relevant purpose. The data may not be used for any other purposes by these third parties. In addition, these service providers are contractually bound to ensure the confidentiality of your data by means of a so-called “data processing agreement” concluded with these parties.
Identification of categories of recipients
Specifically, this means that we share your data, to the extent relevant in your situation, with the following third parties for the following purposes, with these third parties in certain cases acting as processors on our behalf:
|
Potential category of recipients of your data
|
Legal basis |
|
The processors who assist us in operating our activities, such as:
|
Necessity for the conclusion or performance of a contract, if you are our client, business partner or prospective employee.
Legitimate interest if no (direct) contract between us applies or is contemplated, e.g. if you are merely our contact at our client or business partner.
Your consent where relevant, e.g. when subscribing to the newsletter. |
|
Governmental bodies, judicial authorities and practitioners of regulated professions such as auditors, accountants and lawyers, for the purpose of fulfilling our legal obligations as a company, and the efficient defense of our interests in the context of any legal dispute, for the data strictly necessary for this purpose. |
Legal obligation if the transfer is in line with a legal obligation or government order. |
|
Legitimate interest for any other transfer |
We do not store your data for longer than is necessary in order to achieve the purpose for which the data has been collected or processed, as specified above.
Since the period for which the data can be stored depends on the purposes for which the data has been collected, the storage period will vary according to the individual situation. Sometimes specific legislation will require that we store certain data for a certain period. Our retention periods for personal data are based on legal requirements and balancing your rights and expectations against what is useful and necessary to provide our services, or allow you to provide your services to us.
When it is no longer necessary to process your data, we will delete or anonymize your data. If this is not (technically) possible, for example because your data is stored in backup archives, then we will retain your data, but we will not further process it and will remove it when this becomes possible.
As a client, business partner or staff candidate, we mainly obtain your personal data directly from you, as a result of the contact we have with each other with a view to the (possible) provision of services or support or possible collaboration. However, we cannot rule out obtaining certain of your personal data indirectly in specific circumstances, from public sources or from third parties.
We may also obtain personal data indirectly from our clients or business partners.
For example we may obtain personal data of our clients or business partners indirectly from public sources. This mainly concerns limited data about your organisation that is publicly available, such as on the website of your organisation, or in the company register of your country.
Finally, we may consult the profile of staff candidates on professional social media platforms, or receive your details from a recruitment agency should you apply with us this way.
In the event we obtain your data indirectly, we will inform you about the processing of your data no later than at the time of our first contact with you.
Your personal data is mainly stored externally with specialised third parties, such as the external service providers we engage for hosting our website. We outsource the majority of our technical processing activities to third parties, who act as data processors on behalf of Studio Pharma. We try to engage external service providers that are based inside the European Economic Area (EEA).
However, it is possible that your personal data is transferred outside the EEA in connection with the provision of the by you requested service and support of Studio Pharma. As a result, your personal data may be transferred outside the countries where we and you are located. This includes to third countries outside the EEA and to countries that do not have laws that provide specific protection for personal data. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EEA are done lawfully.
Where we transfer personal data outside of the EEA to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses or your explicit consent that will be requested before transferring your personal data outside of the EEA.
In any case, we and our processors have taken the necessary technical and organizational measures with a view to protecting your data against loss or any form of unlawful processing. We only grant access to the data to our own employees and third parties if they need access for legitimate, relevant business purposes.
You have several rights concerning the personal data we process about you. If you wish to exercise any of the rights set out below, please contact us using the contact details provided in the first heading of this Privacy Policy.
Right of access and copy
You have the right to access your data and to obtain a copy thereof. This right also includes the possibility of requesting further information on the processing of your data, including on the categories of data processed about you and for what purposes.
Right to rectification
You have the right to have your data amended if you believe we have incorrect data.
Right to erasure (right to be forgotten)
You have the right to request that we delete your data without unreasonable delay. However, we will not always be able to comply with such a request, including when we still need the data in function of a current contractual relationship, or when the retention of certain data for a certain period is required by law.
Right to restriction of processing
You have the right to restrict the processing of your data. In this way, the processing is temporarily stopped until, for example, there is certainty about its accuracy.
Right to withdraw your consent
Where processing is based on your consent, you have the right to withdraw this consent at any time by contacting us. For marketing messages you receive from us via email based on your consent, you can easily withdraw this consent by clicking 'Unsubscribe' at the bottom of each such message.
Right to object
You have the right to object to the processing of your data based on our legitimate interests. This should be based on reasons specific to your situation. In this case, we must stop processing unless we provide compelling legitimate grounds to continue processing.
However, you can always object to the use of your data for direct marketing purposes, after which we are obliged to stop the processing for these purposes.
Right to data portability
You have the right to obtain your data, which you have provided to us yourself, in electronic form. In this way, they can be easily transferred to another organization. You also have the right to request us to transfer your data directly to another organization, if this is technically possible.
Right to complain to your supervisory authority
If you believe that we are improperly processing your data, you always have the right to lodge a complaint with your data protection supervisory authority. You can do this with the supervisory authority of the EEA member state where you usually reside, where you have your place of work or where the alleged infringement has taken place. Since we manage and coordinate the project activities primarily from Belgium, please refer below to the contact details of the Belgian Data Protection Authority.
Belgian Data Protection Authority (GBA)
Drukpersstraat 35
1000 Brussels
+32 (0)2 274 48 00
Website GBA - filing a complaint
For further information and the contact details of the supervisory authority of each EEA member state, please refer to this website page of the European Data Protection Board with all relevant contact details. In addition, you may always apply to the competent civil court to make a claim for compensation.
You can exercise the aforementioned rights simply by contacting us using the contact information set forth in the first heading of this Privacy Policy.
When you make a request to exercise your rights, if we have any doubts about your identity, we will ask you to verify it. In this case, we will request the transmission of documents that enable your identification beyond a reasonable doubt, such as a copy of the front of your identity card. We do this to prevent your data from falling into the wrong hands. It is sufficient for such a copy to show your name and date of birth clearly. You preferably delete all the other data.
The exercise of your rights is in principle free of charge. However, where your request is manifestly unfounded or excessive, we may charge you a reasonable fee in light of the administrative costs incurred by us. In the same case, however, we may choose not to act on your request. You will be informed of the reasons if we do so.
In any event, we will always inform you of the action taken on your request at the latest within 1 month of receipt. In the case of complex or frequent requests, this period may be extended to 3 months. In the latter case, you will be informed of the extension of the response period.
We reserve the right to change this Privacy Policy. The most recent version is available on our website at all times. The date on which this Privacy Policy was last amended can be found at the top of this page. In the event of a substantial change in the Privacy Policy, we will inform the data subjects on whom this may have an impact, directly if possible.