Pharmacovigilance Privacy Notice

At Ferring, your privacy is important to us and we are committed to ensuring our data protection practices adhere to applicable European and local national data protection regulations.  This notice is to be read together with the applicable Ferring privacy policy for the country in which your personal data is collected. 

This Pharmacovigilance Privacy Notice describes how Ferring collects, holds and processes personal data to fulfil our duty to monitor the safety of all Ferring medicines, also known as our pharmacovigilance obligations. This Pharmacovigilance Privacy Notice also describes the ways in which we will ensure your personal data is protected in accordance with the applicable regulations.

  • Why do we collect your personal data?
  • What personal data do we collect about you?
  • What do we use your personal data for?
  • Which is the legal basis for processing your personal data?
  • With whom do we share your personal data?
  • Where will the personal data be held and will it be transferred to another country?
  • How do we ensure the security and protection of your personal data?
  • What are your rights?
  • Modifications 
  • How to contact us 

Why do we collect your personal data?

For the purpose of safety (pharmacovigilance) reporting, Ferring is legally obliged to collect specific personal data in relation to individuals who use our products.

When you, your doctor or a third party provide Ferring with information on an adverse event experienced with the use of our products, we collect and process personal data where relevant and necessary to document the adverse event properly and to meet our pharmacovigilance obligations. These obligations exist to allow Ferring and regulatory authorities to manage adverse events and make efforts to prevent similar events from happening in the future.

What personal data do we collect about you?

The personal data that we may collect about you when you are the subject of an adverse event:

  • Name and/or initials
  • Age and date of birth
  • Gender
  • Weight and height
  • Details of the product causing the adverse event
  • The reason why you have been taking or were prescribed the product
  • Details of other medicines or remedies you are taking or were taking at the time of the reaction
  • The reason why you have been taking the other medicines and any subsequent changes in your medicines
  • Details of the reaction you suffered, the treatment you received for that reaction, and any long-term effects the reaction has caused to your health
  • Medical history considered relevant, including documents such as laboratory reports
  • Additional information about your ethnicity, religion and sexual orientation if considered relevant for the use of the product and the reaction you experienced 

The personal data that we may collect about you when you are the reporter of an adverse event:

  • Name
  • Contact details (which may include your address, e‐mail address, phone number or fax number)
  • Profession (this information may determine the questions you are asked about an adverse event)
  • Relationship with the subject of the report

If you are also the subject of a report, this information will be combined with the information you provide in relation to the adverse event. We will only collect the minimum data required for the purposes of fulfilling our pharmacovigilance obligations.

What do we use your personal data for?

Pharmacovigilance laws require us to collect information about the safety of our products. As a result, we must keep enough information to allow us to investigate adverse events and to request additional information. We will compare the information about the adverse event with information about other adverse events received by Ferring to properly analyse and assess the safety of the product(s) over time and to update the safety information available to patients, prescribers and regulatory authorities. 

To do this, we keep the information for the period permitted by the applicable law.

Ferring will only use personal data collected for pharmacovigilance for this purpose and will not hold or process this data for any other purpose without notifying you in advance and/or obtaining the appropriate consent.

Which is the legal basis for processing your personal data?

Personal data is collected, handled and processed to fulfil pharmacovigilance obligations which serve as a legal requirement for public interest and public health reasons and therefore consent from data subjects prior to collection and processing is not required. 

With whom do we share the information?

We share the information with regulatory authorities such as the European Medicines Agency, The US Food & Drug Administration and Medicines & Healthcare products Regulatory Agency in the UK, in accordance with national pharmacovigilance laws in the countries, where we market our product.

We may also share the information with other pharmaceutical companies, who are our co‐marketing, co-distribution or other license partners, where pharmacovigilance obligations for a product require such exchange of information. This means that your information will be shared outside of your country to countries that may have other requirements for data protection.

We may publish information about the safety of our products. We will remove identifiers from any publications, so that no individual can be identified.

We may also transfer data to a third party in the event of a sale, assignment, transfer, or acquisition of the company or a specific product or therapeutic area, in which case we would require the buyer, assignee or transferee to treat that personal data in accordance with applicable data protection law. 

Where will the data be held, and will it be transferred to another country?

Our pharmacovigilance obligations require us to review patterns across adverse event reports received from all countries, where we market our products. To meet these requirements, information provided as part of an adverse event report is kept under secure conditions in the local Ferring office in the country/region of the report and is transferred to Ferring headquarters. Upon transfer, only the minimum data required is included. Any names and contact details of patients and reporter are hidden, meaning that only information on age/age group, date of birth and gender is transferred in addition to the information concerning the reaction and the health of the patient.

Any such transfers outside of the European Economic Area will be safeguarded by internal international data transfer agreements, to ensure that your personal data is protected in accordance with the applicable European and national data protection laws.

How do we ensure the security and protection of your personal data?

Ferring maintains a number of appropriate technical and organisational security measures to safeguard your personal data from unauthorised access, use, disclosure, accidental destruction or loss. For example, where appropriate, Ferring is committed to the encryption, anonymisation or pseudonymisation of personal data, and personal data will be stored securely in a designated system. Our internal policies and procedures are designed to prioritise and promote the protection of personal data. 

While our data security measures are continually evaluated and updated, the security of data transferred via the internet from a computer or other device cannot be guaranteed and you are encouraged to take steps to protect yourself online and against unauthorised use of your passwords, and mobile devices, as well as installing the appropriate firewall, anti-virus and anti-spyware protections for your computer. 

A non-exhaustive list of possible data incidents may include,

  • a lost/stolen laptop
  • an external hacker
  • an email containing personal data sent in error
  • information lost in transit
  • documents left in unsecured location.

If you suspect any security compromise or detect vulnerabilities, it is essential to report these data incidents immediately by using the Data Subject Contact Form

What are your rights?

If and when we collect, hold and process your personal data, you will be afforded specific rights as a data subject. Ferring will give effect to these rights in accordance with the applicable European and local national data protection laws and  where pharmacovigilance laws permit. Under EU and UK laws, your rights as a data subject are the following:

  • Right to be informed:  You have the right to know what personal data of yours is being collected, how long it is being used, how long it will be kept and whether it will be shared with any third parties.
  • Right to access and rectification: You have the right to request a copy of the information we hold about you, as well as the right to request corrections of the personal data we hold if it is inaccurate. We may require you to provide proper identification before we comply with any request to access or correct personal data.
  • Right to erasure and restriction of processing: For legal reasons, we cannot delete information that has been collected and processed as part of an adverse event report unless it is inaccurate. However, you may have the right to restrict the processing of your personal data, if, for example, you believe the data is incorrect.
  • Right to data portability:  you have the right to request a copy of the personal data we hold,

as well as the right to request this data to be transferred to another controller. This right is subject to certain conditions and may not apply, for example, if not permitted for reasons of public interest, or is not technically feasible.

  • Right to object: As the data collected as part of an adverse event report is processed for reasons of public health and interest, you cannot object to the use of the data.
  • You have the right to contact or lodge a complaint with your local data protection supervisory authority. 

If you would like further information about your rights as a data subject, please see the general Ferring Privacy Notice (or applicable country specific notice as referred to at the foot of this Notice). In case you wish to submit a request in relation to a data subject right, please use the Data Subject Contact Form. We will respond to an incoming request as soon as possible. 

Modifications 

Any changes to this Pharmacovigilance Privacy Notice will be communicated at the Ferring website. We recommend you consult our Pharmacovigilance Privacy Notice when revisiting our website to review any changes and to keep informed about our ongoing commitment to respecting the right to privacy and to providing the highest possible level of data protection.

How to contact us 

Personal data submitted to Ferring is stored locally in the country of origin as well as in the Ferring global safety database on servers situated within the EEA. The servers are owned and maintained by Ferring Pharmaceuticals A/S, whose principal place of business is at Amager Strandvej 405, 2770 Kastrup, Denmark.

If you have any questions or comments regarding this Pharmacovigilance Privacy Notice please contact Ferring Entity and Ferring local mailbox  in the country/region to where the data was initially reported.

In case you wish to:

  • Report a data incident or suspected personal data breach,
  • Submit a request to exercise your rights as a data subject, or
  • Contact the Global Data Protection Officer with a general enquiry,
  • please utilize the Data Subject Contact Form.

Alternatively, mail us to the following address: 

(Att.: Data Protection Officer)
Ferring International Center S.A.
Chemin De la Vergognausaz 50
1162 St Prex
Switzerland 

or, at the EU Representative for GDPR, 

(Att.: Data Protection Officer)
Ferring International PharmaScience Center (IPC)
Amager Strandvej 405
2770 Kastrup
Denmark  

Notice to Australian residents:

Australian residents are notified that: 

  1. in this Notice, “personal data” includes the meaning given to “personal information” under the Australian Privacy Act, and Australian privacy requirements we comply with include the Privacy Act 1988 (Cth) including the Australian Privacy Principles, the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and applicable state/territory health privacy laws and any mandatory standards or industry codes.
  2. the applicable Ferring Privacy Notice for Australia is Ferring’s Privacy Policy for Australia on our website (www.ferring.com.au/privacy/).
  3. as explained further in Ferring’s Privacy Policy for Australia, your personal information may be transferred to, stored and processed in a country outside Australia, such as in Switzerland (where Ferring is headquartered), or in the United States where the service provider managing this platform is located. When we pass on, transfer or share your information in this way, we will take steps to ensure that your personal information is protected, and do this in a number of ways including putting in place appropriate contracts.
  4. you may wish to contact us to request access to your personal information, to seek to correct it or to make a complaint about privacy.  Our contact details for Ferring in Australia (and the relevant data controller for the purposes of this privacy notice) is:

    Ferring Pharmaceuticals Pty Ltd
    Suite 2, Level 1, Building 1 Pymble Corporate Centre,
    20 Bridge Street
    Pymble NSW 2073
    Phone: +612 9497 2300 (Toll free :1800 33 77 46)
    Email: enquiries@ferring.com  

    We do not impose any charge for a request for access, but we may charge you a reasonable fee for our costs associated with providing you with access and retrieval costs. For complaints about privacy, we will establish in consultation with you a reasonable process, including timeframes, for seeking to resolve your complaint.

  5. complaints to the Office of the Australian Information Commissioner (OAIC) must be made in writing and using the prescribed forms published on the OAIC’s website www.oaic.gov.au under “How to lodge a complaint with us” (see link). For general inquiries to the OAIC about the processes for making a complaint, please call 1300 363 992.

Last updated: March 2024