Privacy Notice

1. THERAVIA AND YOUR PRIVACY

For the purposes of this Notice, « THERAVIA» means THERAVIA (SAS, with registered address 16 rue Montrosier, 92200 Neuilly-sur-Seine, and Trade Register n° Nanterre 816 420 301 00052).

This Privacy Notice (“Notice”) describes THERAVIA’s practices to ensure an adequate protection of personal data, i.e. any information relating to an identified or identifiable natural person, for all data processing carried out in the framework of its business and activities (“Personal Data”).

2. WHAT IS THE SCOPE OF THIS NOTICE ?

This Notice applies to all processing activities that THERAVIA is conducting towards the persons THERAVIA deals with, in its professional business activities. This includes in particular:

  • Patients and their relatives or close ones;
  • Participants in clinical trials;
  • Healthcare professionals;
  • Users of THERAVIA’s products and services, including websites and apps users;
  • Representatives of THERAVIA’s contractors and business partners;
  • Representatives of the scientific community etc;
  • Job applicants.

Specific consent forms and/or Specific Privacy and information Notices (“Privacy Notices”) will, if necessary, be communicated to you regarding specific situations where THERAVIA may process your Personal Data. These Privacy Notices shall describe in more detail how your Personal Data will be processed in relation with the processing in question. If the legislation of your country so requires, this Notice and/or Privacy Notices may be supplemented by local mandatory provisions, as the case may be.

Each Privacy Notice determines for what reasons (“the purposes“) your Personal Data is processed as well as the resources (“the means“) allocated to such processing.

3. VALIDITY AND EVOLUTION OF THIS NOTICE 

This Notice maybe modified by THERAVIA from time to time, in particluar to adapt its terms to evolutions or changes of applicable legislations and/or to THERAVIA’s practices. Changes will be available on this page. Should THERAVIA make any material changes to this Notice, THERAVIA will notify you by updating the date of this Notice and posting it on THERAVIA’s website.

4. THE PURPOSES

THERAVIA will always collect your Personal Data for explicit and legitimate purposes.

THERAVIA collects your Personal Data for the following purposes:

  • To carry out THERAVIA’s business operations; for marketing and sales’ purposes; to respond to your requests; to keep track of THERAVIA’s interactions and meetings, such as when you contact THERAVIAfor information and support;
  • To comply with legal or regulatory obligations that apply to THERAVIA; to monitor safety; to manage adverse events; to carry out prevention and investigatory activities; to carry out administrative formalities, registration, declarations or audits;
  • To conduct research and development; to carry out clinical studies, registries and trials; to manage and validate the recruitment and participation of individuals to studies, trials and other operations; to analyse demographic data; to offer special programs, activities, trials, events or promotions via THERAVIA’s services; to carry out market or consumer studies;
  • To allow THERAVIA to communicate with you; to respond to your requests or inquiries; to provide support for products and services; to provide you with important information, administrative information, required Notices, and promotional materials; to send you news and information about THERAVIA’s products, services, brands and operations; to organize and manage professional events and congresses, including your participation to such events;
  • To process payments THERAVIA may need to issue in a specific situation; to verify your financial data; to facilitate further payments;
  • To offer donations and sponsorships;
  • To respond to legal requests from administrative or judicial authorities, in accordance with applicable laws; to comply with a subpoena, required registration, or legal process;
  • To protect THERAVIA’s rights and interests; to protect the health, safety, and security of THERAVIA’s personnel and premises; to carry out internal audits, asset management, system and other business controls; to manage business administration (finance and accounting, fraud monitoring and prevention); to maintain the security of THERAVIA’s services and operations; to protect THERAVIA’s rights, privacy, safety or property; to allow THERAVIA to pursue available remedies or limit the damages that may incur as necessary; to protect THERAVIA against possible fraudulent actions.

5. ON WHAT GROUND ?

THERAVIA will always process your Personal Data lawfully.

Depending on the data processing at stake, THERAVIA will generally process your Personal Data on either one of the following legal basis:

  • Your prior consent: where you have clearly expressed your approval of THERAVIA’s processing of your Personal Data. In practice, this will generally mean that THERAVIA will ask you to sign a document, or to fill-in an online “opt-in” form or to follow any relevant procedure to allow you to be fully informed and then either clearly accept or refuse the intended data processing ;
  • A contractual relationship between you and THERAVIA: in such case, the processing of your Personal Data is generally necessary to the execution or the performance of the contract; this means that if you do not wish THERAVIA to process your Personal Data in that context, THERAVIA may or will be obliged to refuse to enter into such contract with you or will not be able to provide the products or services covered in this contract;
  • Legal obligations applicable to THERAVIA’s activities; for instance, THERAVIA is required to implement pharmacovigilance procedures to monitor adverse effects of marketed products, which generally involves the collection and retention of Personal Data;
  • The “legitimate interest” of THERAVIA in the sense of applicable data protection laws. In such a case, THERAVIA shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.

THERAVIA may, on a case-by-case basis, rely on other legal grounds, such as the protection of your vital interests, in accordance with applicable data protection laws, as set forth in the applicable Privacy Notice.

6. WHERE DOES THE PERSONAL DATA COME FROM?

THERAVIA will always collect Personal Data from trusted sources.

THERAVIA may collect your Personal Data from different sources:

  • Data that you communicate to THERAVIA through various media, through registrations, surveys or direct and indirect interactions with THERAVIA. For example, data you provide to register to scientific events sponsored by THERAVIA, to submit an online application, to send THERAVIA a request for information, etc;
  • Data that THERAVIA collects in accordance with applicable laws from public sources available, including data published by you in all kinds of supports;
  • Data that THERAVIA legally obtains from third parties, for example, when confirmation for a contact or for any financial information or when verification of healthcare professionals’ licence to practice is needed. In such cases, THERAVIA generally receives such Personal Data from third-parties that are authorized to do so in the framework of their own Privacy Notices or in accordance with the law. THERAVIA will inform you in the Privacy Notice of the identity of those third-parties and will invite you to refer to their Privacy Notices for any inquiries on the origin of such Personal Data and the conditions of their collection.

7. ABOUT CHILDREN PERSONAL DATA 

While in some instances THERAVIA may collect Personal Data about children, with their parents’/legal guardians’ consent, for the provision of THERAVIA’s services, such as clinical activities or patient support programs, THERAVIA does not otherwise knowingly solicit Personal Data from, or market to, children. If a parent or guardian becomes aware that their child has provided THERAVIA with Personal Data, they should contact THERAVIA as described in the “How to Contact Us” section below. THERAVIA will take all reasonable steps to delete such information from THERAVIA’s database in accordance with applicable legal requirements.

8. WHO HAS ACCESS TO PERSONAL DATA? 

THERAVIA will share your Personal Data only with authorized parties.

For the purposes described above, THERAVIA may need to share your Personal Data with the following authorized third-parties:

  • THERAVIA’s affiliates;
  • THERAVIA’s partners (healthcare professionals and organizations, distributors, other members of the healthcare and pharmaceutical industry);
  • selected suppliers, service providers or vendors acting upon our instructions for website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing, etc;
  • legal or administrative authorities, as required by applicable laws including laws outside your country of residence;
  • potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures.

THERAVIA may need to share your Personal Data with other third-parties, in which case you will be duly informed through the applicable Privacy Notice.
In any case, THERAVIA will require that such third-parties:

  • undertake to comply with data protection laws and the principles of this Notice;
  • will only process the Personal Data for the purposes described in this Notice; and;
  • implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your Personal Data.

9. WHERE MAY PERSONAL DATA BE TRANSFERRED? 

THERAVIA will ensure that transfers of your Personal Data outside the European Union are safeguarded.

THERAVIA works with partners and subcontractors located in many countries around the world. For that reason, THERAVIA may need to transfer (via access, visualization, storage…) your Personal Data in other jurisdictions, ranging from the European Economic Area to outside the European Economic Area, in countries that may not be regarded as providing the same level of protection as the jurisdiction you are based in.

10. SAFEGUARDS FOR INTERNATIONAL TRANSFERS OF PERSONAL DATA 

In cases where THERAVIA needs to transfer Personal Data outside the European Union, THERAVIA shall ensure that adequate safeguards, as required under applicable data protection legislation, will be implemented (including, notably, the European Commission’s Standard Contractual Clauses, if applicable).

11. HOW SECURE ?

THERAVIA will implement security measures to protect your Personal Data.

THERAVIA has implemented a variety of technological and organizational procedures and measures to ensure the integrity and confidentiality of your Personal Data from unauthorized access, use and disclosure. These measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

For instance, THERAVIA stores your Personal Data on servers that have various types of technical and physical access controls, which may include, for instance, if appropriate, encryption. THERAVIA may also aggregate, pseudonymize or anonymize Personal Data to ensure that no personally identifiable information is communicated to third parties.

12. HOW LONG ?

THERAVIA will retain your Personal Data for no longer than necessary.

THERAVIA will retain your Personal Data only for the period necessary to fulfil the purposes outlined in this Notice.

As an exception, THERAVIA may be required to retain your Personal Data for longer periods as required or permitted by law, or as necessary to protect its rights and interests. In such a case, you will be informed of the intended retention period in the applicable Privacy Notice.

13. YOUR RIGHTS

THERAVIA will ensure that you can exercise your rights pertaining to your Personal Data.

You can exercise your rights as provided by data protection laws.
To that end, THERAVIA informs you that you are entitled:

  • to access upon simple request your Personal Data – in that case you may receive a copy of such data (if requested);
  • to obtain a rectification of your Personal Data should your Personal Data be inaccurate, incomplete or obsolete;
  • to obtain the deletion of your Personal Data in the situations set forth by applicable data protection law (“right to be forgotten“);
  • to withdraw your consent to the data processing without affecting the lawfulness of processing, where your Personal Data has been collected and processed on the basis of your consent;
  • to object to the processing of your Personal Data, where your Personal Data has been collected and processed on the basis of legitimate interests of THERAVIA; in that case you will need to justify your request by explaining to THERAVIA your particular situation;
  • to request a limitation of the data processing in the situations set forth by applicable law;
  • to receive your Personal Data from THERAVIA for transmission to a third-party or to have your Personal Data directly transferred by THERAVIA to the third-party of your choice, where technically feasible (this data portability right is only allowed where the processing is based on your consent).

If you would like to exercise any of these rights, please contact THERAVIA as described in the “How to Contact Us” section below and THERAVIA will take all the necessary steps to respond as soon as possible.

You may also file a complaint before a competent data protection authority regarding the processing of your Personal Data. While THERAVIA suggests that you contact THERAVIA beforehand, if you wish to exercise this right, you should contact directly the competent data protection authority.

14. HOW TO CONTACT US

THERAVIA welcomes any questions or comments you may have regarding this Notice or its implementation. Any such questions or comments should be submitted using the contact email: data.protection@theravia.com. 

Specific information about data processing by THERAVIA

  • Processing : Vigilance and Medical Information
  • Processing of Healthcare professionals’ Personal Data

In order to comply with applicable laws,  THERAVIA collects and processes your last name, first name, professional contact details (“Personal Data”), to answer your medical questions and/or carry out pharmacovigilance or materiovigilance (the “Purposes“).

When the processing relates to medical information, Personal Data is processed for a period of 10 years after THERAVIA’s last exchange with you (even after the end of the product’s marketing authoriszation),  for health authority inspection purposes.

When the processing relates to pharmacovigilance or materiovigilance purposes, Personal Data is archived and processed for a minimum period of 10 years after the withdrawal of the marketing authorization.

THERAVIA ensures the confidentiality of your Personal Data and will only disclose it to THERAVIA’s authorized personnel and third parties involved in the Purposes within the limits of applicable laws. In case Personal Data is stored outside the European Union, THERAVIA shall ensure that THERAVIA’s service provider complies with applicable laws. You have the right to request (i) access and/or (ii) rectification and/or (iii) restriction of ypur Personal Data. To exercise these rights, you can contact THERAVIA by email at the following address: data.protection@theravia.com. You also have the right to lodge any complaint relating to these prerogatives to the national data protection authority of your country.

  • Processing of patients’ Personal Data 

In the context of non-promotional medical information and pharmacovigilance and for regulatory purposes, THERAVIA collects and processes your initials, gender, age, medical history, relevant medical data, contact details (“Personal Data”) in order to answer your medical questions and/or carry out pharmacovigilance (the “Purposes”).

In accordance with applicable laws, Personal Data are archived and processed for the duration of THERAVIA’s exchanges and destroyed thereafter, except for pharmacovigilance and materiovigilance purposes where your Personal Data are pseudonymized and shall thereafter be kept for a minimum duration of 10 years after the withdrawal of the marketing authorization.

THERAVIA ensures the confidentiality of your Personal Data and will only disclose it to THERAVIA’s authorized personnel and third parties involved in the Purposes within the limits of applicable laws. In case Personal Data is stored outside the European Union, THERAVIA shall ensure that any service provider complies with applicable laws. You have the right to request (i) access and/or (ii) rectification and/or (iii) restriction (only if applicable), and/or (iv) to obtain the portability of your Data Personal (only if applicable). To exercise these rights, you can contact THERAVIA by email at the following address: data.protection@theravia.com. You also have the right to lodge any complaint relating to these prerogatives to the national data protection authority of your country.

  • Procsessing ; Quality Complaints on products 

As part of THERAVIA’s regulatory obligations, THERAVIA is required to collect and process your last name, first name, contact details and any other personal information that might be helpful (“Personal Data“), in order to respond appropriately to the complaints you have lodged (“the Purposes“).

The Personal Data collected as part of the follow-up to your report is kept for a period of 10 years in order to comply with THERAVIA’s regulatory obligations.

THERAVIA undertakes to ensure the confidentiality of Personal Data and to disclose it only to THERAVIA’s authorized personnel and/or to third parties involved in the Purposes and within the limits of applicable laws.

You have the right to request : (i) access and/or (ii) rectification and/or (iii) limitation of your Pesronal Data. To excercise these rights, you may contact THERAVIA by email at the following address: data.protection@theravia.com. You also have the right to lodge any complaint relating to these prerogatives to the nationa data protection authority of your country.

Additional Information Notice for Research Studies

Dear Madam, Dear Sir, 

You have consented to your or your child’s participation in a clinical research study which involves one of THERAVIA’s products (hereinafter referred to as “the Study“). 

The sponsor of this Study (the legal person responsible for the Study) is THERAVIA or another entity.

Participant means; you or your child.

Personal Data means; any Participant’s data collacted for the purposes of the Study, such as demographic data (age, gender) and health data.

All Personal Data will be coded, meaning that such Personal Data can no longer be attributed to a Participant, without the use of additional information that is kept separately and is subject to technical and organizational measures to ensure that those Personal Data cannot be attributed to the Participant.

THERAVIA would like to give you more information about the use of Personal Data;

Unless opposed; 

– The Personal Data collected for the Study may be used for further scientific research about the Participant’s illness and/or for the Study drug development (always in accordance with applicable laws and regulations).

Personal Data may also be reported in scientific journals. However, any information that identifies any Partcipant will never be mentionned in the Study report or in a publication.

For any information about Personal Data collected in the Study and/or your rights, you can contact the Study’s investigators. 

– Personal Data can be used to document a file with the competent authorities internationally, relating to THERAVIA’s product evaluated in the Study (“the Drug“), in order to obtain a new indication for the Drug (the “Regulatory Purpose“). Thus, a greater number of patients can benefit from the Study results. Consequently, Personal Data will be transmitted by the sponsor or its representative to THERAVIA in France (the European Union), in order to allow THERAVIA to process those Personal Data for the Regulatory Purpose (the “Processing“). THERAVIA is the “Controller” of this Processing, meaning that THERAVIA determines the purposes and means of the Processing of Personal Data. The legal basis of this Processing is the legitimate interest of THERAVIA. 

The handling of Personal Data obtained in clinical research is governed by national and international data protection regulations and medical confidentiality. Personal Data will be processed in accordance with applicable laws, including, but not limited to, Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 27  2016 (General Data Protection Regulation, “GDPR“). According to this Regulation, you have:

– the right to access your Personal Data, to request their rectification or erasure.

– the right to request the restriction of the Processing or to object to the Processing

In addition, certain Personal Data aiming at ensuring the quality and safety of the Study (for example, adverse effects of the Drug tested), must be collected by THERAVIA. In such case, no right of opposition or erasure is granted regarding the Processing of the Personal Data.

– the right to lodge a complaint with the competent data protection authority of your country : 

 

https://edpb.europa.eu/about-edpb/about-edpb/members_en

For any information regarding this Processing, you can contact THERAVIA’s Data Protection Officer :

THERAVIA, 16 rue Montrosier, 92200, Neuilly-sur-Seine 

Email; data.protection@theravia.com

All information obtained for the Regulatory Purpose will be kept strictly confidential and will be stored for at least 15 years after the end of the Drug’s marketing authorization.

The Personal Data may be transferred within the European Union or to countries outside the European Union. The transfer of Personal Data outside of European countries will be in accordance with the GDPR. THERAVIA ensures the same level of protection for your child’s Personal Data, as within the European Union and according to article 49 of GDPR.

Only health authorities, THERAVIA and THERAVIA’s authorized representatives may have access to the Personal Data and solely for the Regulatory Purpose described herein. All these persons are bound to confidentiality obligations.