Last updated on April 8, 2021
Arvelle Therapeutics UK, a UK establishment of Arvelle Therapeutics Netherlands B.V., a company of the Angelini Pharma Group, (hereinafter “Arvelle” or “Data Controller”), pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter “GDPR” or “General Data Protection Regulation”), and under the UK Data Protection Act (2018), provides you with the following information on the processing of your personal data, in your capacity as users/browser of the website http://harmoniamentis.co.uk (hereinafter the “Website”).
1. Data Controller and Data Protection Officer (DPO)
The Data Controller is Arvelle, with registered office a
33 Cavendish Square,
W1G 0PW London,
The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted directly at email@example.com.
2. Purposes of processing and legal basis for the processing
All personal data provided by you is processed in compliance with the provisions of the law in a correct, lawful and transparent manner for the purposes set out below and according to the following conditions of lawfulness (Legal basis for processing).
|Purposes of the processing||Legal basis of the processing|
|a) Proper and comprehensive management of any communication or request you may send to Arvelle (for example a request for information or assistance) [management of your requests].||Processing of your personal data for this purpose is necessary to the execution of a contract or to the execution of precontractual measures (here construed as the “legal relationship” established between yourself and the Data Controller, following your potential request) (Art. 6.1.b of the GDPR).|
|b) Proper and comprehensive management of reports relating to pharmacovigilance [pharmacovigilance].||The processing of your personal data for this purpose is a legal obligation (Art 6.1.d of the GDPR).
The processing of “special categories of personal data” is necessary for reasons of public interest in the public health care sector, by way of guarantee of high quality and safety parameters in medicinal products and medical devices (Art. 9.2.i of the GDPR).
|c) Compliance with legal obligations. In certain circumstances, legislation obliges us to use your personal data (for example to inform you of a potential security breach involving your data and the measures we have taken to address the situation) [compliance with legal obligations].||The processing of your personal data for this purpose is a legal obligation (Art 6.1.c of the GDPR).|
3. Categories of data processed
The Data Controller will process the following categories of your personal data:
4. Data source
Your personal data will be obtained by the Data Controller:
5. Nature of data conferral
The conferral of your personal data in order to manage your requests (purpose pursuant to paragraph 2, letter a) is mandatory to allow the Data Controller to process your communication: failure to provide such would make it impossible for you to receive a reply to your communication (in particular, to receive a response to a request you make for information or assistance).
Conferral of your personal data for pharmacovigilance (purpose pursuant to paragraph 2, letter b) and to comply with legal obligations (purpose pursuant to paragraph 2, letter c) is mandatory insofar as it derives from provisions of the law
6. Processing methods
Data processing is carried out using both automated and non-automated tools, with logic strictly related to the purposes of the processing and, in any case, with methods and procedures able to ensure the security and confidentiality of the data.
7. Categories of personal data recipients
For the purposes indicated above (paragraph 2), your personal data may be communicated:
Your data may also be transmitted in accordance with the law to tax authorities, police and judicial and administrative authorities, for the assessment and prosecution of crimes, prevention and protection from threats to public security, to allow the Data Controller to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
8. Data retention period
We store your personal data for a limited period of time depending on the purpose of processing. After the expiry of this period, your data will be permanently deleted or in any case rendered irreversibly anonymous.
Your personal data will be stored in accordance with the terms and criteria specified below:
For technical reasons, the termination of the processing and the consequent deletion of your personal data, or its anonymization, will take place within 30 (thirty) days from the terms indicated above.
This is without prejudice to cases where retention for a longer period is required for any litigation, requests by the competent authorities or under applicable law.
9. Transfer of personal data outside the UK or EU/EEA
Your personal data may be transferred to countries outside the United Kingdom (UK) or the European Union (EU) and the European Economic Area (EEA) which, however, offer an adequate level of data protection, as established by specific resolutions issued by the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) or other competent authority.
The transfer of your personal data to countries that do not belong to the UK or the EU/EEA and that do not ensure adequate levels of protection will be carried out only after the Data Controller and the recipients of the data have concluded specific agreements, containing safeguard clauses and appropriate guarantees for the protection of your personal data, so-called “standard contractual clauses”, also approved by the European Commission or other competent authority, or if the transfer is necessary for the management of your requests.
10. Rights of the data subject
As data subject, you have the right to:
In addition, as data subject, you also have the right to object, this means to:
To exercise these rights, You may contact the Controller at any time, by writing to Arvelle, physical address
33 Cavendish Square,
W1G 0PW London,
or by writing to the Data Protection Officer at firstname.lastname@example.org.
If You believe that your personal data has been processed unlawfully, You have the right to lodge a complaint with the data protection authority (the UK Information Commissioner’s Office).
For more information, please consult the website of the UK data protection authority: https://ico.org.uk/make-a-complaint/.
The complaint can also be made to a data protection authority other than that of the UK, if said data protection authority is that of the EU Member State in which You have your habitual place of residence or of the place where the alleged breach took place
12. Cookies and similar technologies
13. Links to other websites
The Website may contain links to third party websites.
Arvelle cannot guarantee and accepts no liability for the contents and information provided by such third parties, the relevant completeness or accuracy, nor indeed in respect of the contents of the websites of said third parties and any products and services potentially supplied through said third party websites, nor in respect of the processing of personal data of users/browsers by said third parties.
This privacy disclosure applies to our Website only.
14. Changes to this notice
The constant evolution of our activities could lead to changes in the characteristics of the processing of your personal data described above. As a result, this privacy notice may be subject to changes and additions over time, which may also be necessary with regard to new legislation on the personal data protection.
The updated version of this privacy notice will be published on this page, indicating the date on which it was last updated. Please therefore refer to this page when accessing the Website.
P-UK-CE-2100034 | September 2021