Principles of personal data protection in the field of drug safety


Last update: May 2022

At Almirall, our commitment to the safety of our medicines, medical devices, cosmetics and healthcare products starts from the Research and Development (R&D) department and is maintained throughout the life of the product.

This Privacy Policy sets out the basis on which we collect Personal Data from you online, fax, e-mail, by phone, or post, as well as through any form available in any of our sites, or as part of the pharmacovigilance regulations applicable to us. Some data about you might be communicated to us not directly by you, but by a third party (for instance, a healthcare professional) whenever they are reporting an adverse event that affected you.

For the purposes of this Privacy Policy:

For more information about this document or how we process your Personal Data, you can contact our Global Data Protection Officer at the e-mail address dpo.global@almirall.com

1. Basic information

How will Almirall process the Personal Data you indicate through the communication of Adverse Events?
Who is the controller of the data you provide us?

The Almirall legal entity which gathers your Personal Data in each case through any specific channel. For more information about this section, please see Section 2 below.

For what purposes do we use your Personal Data?

The data that you provide us is collected in order to identify, quantify, evaluate and prevent potential risks arising from the use of our products, as well as follow-up of the specific case, if necessary, all in compliance with our legal obligations with the Competent Authorities in the field of pharmacovigilance, materiovigilance, cosmetovigilance and surveillance of healthcare products.

For more information about this section, please see Section 2 below.

What is our lawfulness to process your Personal Data?

Our lawfulness to process these data is the compliance with a legal obligation and also the public interest in health matters.

For more information about this section, please see Section 2 below.

What data do we gather?

We might collect Personal Data which are strictly necessary to identify you as a "notifier" and/or a patient of an Adverse Events and to be able to follow up on the case.

For more information about this section, please see Section 2 below.

How long will we store your data?

The Personal Data of patients provided will be kept only for the time necessary to monitor the case according to its nature. Personal data from HCPs will be kept for the commercial life of the product.

For more information about this section, please see Section 2 below.

With whom will we share your data?

Except for a legal obligation, your data will not be disclosed to third parties. We can share your data with companies that help us to follow up on cases, but with which we have signed an agreement to provide services that guarantees the confidentiality of information and its processing in accordance with the applicable legislation.

For more information about this section, please see Section 2 below.

What rights do you have in relation to your Personal Data and how can you exercise them?

You have the right to access, rectify and erase the data, as well as other rights as established in the additional information in Section 2 below where you will also find the way to exercise them.

Additional information

For more additional information regarding the processing of your data please see Section 2 below.

2. Additional information

2.1 Who is the controller of the data you provide?

For the purpose of the General Data Protection Regulations and any local applicable laws, the data controller of your Personal Data is the Almirall legal entity which gathers your personal data in each case through any specific channel. Please find an updated list of all of our affiliates at https://www.almirall.com.

Please note that data controller means the legal entity that decides the purposes and means of processing your Personal Data, Almirall ApS addressed at Vandtårnsvej 77, 2860 Søborg- Denmark.

As part of our pharmacovigilance obligations, we must review reports received from every country where we commercialize our products, either through our affiliates, either through partners and/or distributors. All the information about patients and notifiers whenever they are healthcare professionals are included, with the appropriate security measures, in our global drug safety database which is managed and maintained by the Spanish parent company Almirall, SA, with registered office at Ronda General Mitre, 151, 08022 Barcelona (Spain), fitted with CIF A-58869389 and registered in the Commercial Registry of Barcelona in Volume 21.795, Sheet 32, Page No. B-28.089. Personal Data from patients, especially in regards to health data provided, are duly anonymized. The registration number of Almirall, S.A. in the Ministry of Health, Equality and Social Services is 1889E, and our contact telephone number is (+34) 93 291 30 00.

2.2 Which kind of Personal Data we process?

We may collect and process the following data about you:

    If you are the notifier/reporter: we might collect contact Personal Data including your name or initials, surname, telephone number, contact e-mail and country. If you are the patient and, therefore, the subject of the Adverse Event: We might collect the following Personal Data from you when you, or a third party (the "notifier") notifies us the occurrence of an Adverse Event: name or initials, surname, date of birth, gender, weight, type of adverse reaction and details associated with it, concomitant medication, relevant medical history or others. You or the third party might also provide us with other sensitive information.

The information we collect in both cases is the strictly necessary to identify you as notifier and/or to follow up the case and pursue the compliance of our pharmacovigilance obligations.

2.3 For what purposes do we need your Personal Data?

The Personal Data you provide us are collected in order to identify, quantify, evaluate and prevent potential risks arising from the use of our medicines, as well as follow-up of the specific case, if necessary, all in compliance with our legal obligations with the Competent Authorities in the field of pharmacovigilance, materiovigilance, cosmetovigilance and surveillance of healthcare products.

We will not use your data for any other purpose than those indicated above.

2.4 For how long will we keep your Personal Data?

The patient's personal data provided will be kept only for the time necessary to monitor the case according to its nature. Once the follow-up of the reported case ends, the personal data are anonymized in a way that it is not possible to identify the patient, and they become part of our global database of pharmacovigilance, so the consideration of Personal Data ceases and, therefore, also the processing.

In relation to Personal Data of health care professional who report a side effect, they are kept during the commercial life of the product plus ten (10) years.

2.5 Which is our lawfulness to process your Personal Data?

In this case, our lawfulness to process Personal Data of notifiers and patients is twofold. On the one hand, it is necessary for compliance by Almirall in the field of pharmacovigilance, materiovigilance, cosmetovigilance and surveillance of healthcare products and, on the other hand, pursues an aim of public interest in the area of health.

2.6 Are we going to share your Personal Data?

Except by legal obligation to share your Personal Data with Health Authorities or Public Administration, your Personal Data will not be disclosed to third parties. However, we may share your Personal Data with companies that help us to collect the Adverse Events, and follow up cases, anonymize the Personal Data when we include them into the global database, or other services strictly related to the purposes indicated above. With these companies we have signed an agreement for the provision of services that guarantees the confidentiality of the information and its processing in accordance with the applicable legislation.

Whenever information needs to be transferred to any recipient outside the European Economic Area to a country which has not received the decision of adequate level of protection issued by the European Commission, Personal Data will be duly protected by standard contractual clauses approved by the European Commission or binding corporate rules of the data processor.

2.7 Which are your rights as data subject and how you can exercise them?

You have the right to access your Personal Data. In justified cases, you may also request the erasure, rectification or limitation of the processing of your Personal Data.

If you wish to make use of any of your rights, you can send a written request to Almirall ApS addressed at Vandtårnsvej 77, 2860 Søborg- Denmark or to the email address dsafety@almirall.com. The request to exercise any of your rights must be accompanied by a copy of an official document that identifies you (ID, driver's license or passport)

Finally, we inform you that you can contact your local data protection Supervisory Authority or any European supervisory entity for any claim arising from the processing of your Personal Data. You can find a list of the EU national Supervisory Authorities following this link: Our Members | European Data Protection Board (europa.eu).