Privacy Call Centre

Introduction

The present information notice has been rendered by Menarini Benelux -, and is addressed to the callers of the above-indicated call centre, which is dedicated to healthcare professionals. Patients using our device are invited to address their queries to their hospital/doctor/pharmacy.

Data Controllers and DPO

The Data Controller is:

- Menarini Benelux SA/NV De Kleetlaan 3 - 1831 Diegem – Belgium (hereinafter “Menarini”). Menarini’s DPO may be reached at dpo@menarini.com

Which data we process

The processed data are “ordinary” data such as the caller’s name, contact information and address, phone number, etc. and “sensitive” data (if a patient calls in to ask information about our products or materials, we may infer the medical condition from which he/she suffers); however, since we do not handle the query (our call centre being dedicated to healthcare professionals) we do not record or  keep such patients’ data.

In case you call our call centre, we warn you that your number may automatically be detected. In addition, the recordings of the messages you leave in our voice mail will be matched with your phone number.

For which reason we process your data and how

We inform you that your personal data may be processed by the Controller for the following purposes:

(i) management of your requests and notifications, which may include: requests for information, materials and samples of our products; remarks (including complaints) about the quality of our products; handling customer service/technical assistance requests. The legal basis of the processing is your consent, based on arts. 6.1.(a) and 9.2.(a) GDPR

(ii) management of notifications concerning adverse events (e.g. device-vigilance). The legal basis for the processing for such purpose is art. 9.2.(i) GDPR;

(iii) performing internal statistical analysis regarding the effectiveness of our services and the quality of our products. The legal basis of the processing for such purpose is art. 6.1.(f) of the GDPR.

 Data may further be processed to comply with legal obligations (art. 6.1(c) of the GDPR) and to pursue legitimate interest or bring/defend legal claims (art. 6.1.(f) and 9.2.(f) of the GDPR).

All your data are processed manually or electronically, on paper or with automated devices, which are at any rate suitable to ensure your data’s the security and confidentiality.

Required data

Conferring your data is required insofar as such data are necessary to provide the services described above –without them, it will not be possible to process your query.

How we process your data

In compliance with Article 5.1.(c) of the GDPR, the computers and programmes we use are set up so as to reduce the use of personal and identifying data to a minimum. Such data are processed only to the extent required to achieve the purposes indicated in this document, and will be stored for as long as strictly necessary for achievement of the specific purposes pursued - in any event, the criterion used to determine the storage period is based on compliance with time limits permitted by law and the principles of data minimisation, storage limitation or rational management of our records.

How we ensure the security and quality of personal data

We undertake to ensure security of the personal data we collect by way of the call centre and comply with provisions on security provided by law to avoid data loss, illegitimate or unlawful uses of data or unauthorised access to data, with particular but not exclusive reference to Articles 25-32 of the GDPR. The Controller use many types of advanced security technologies and procedures intended to maximize the protection of personal data; for example, personal data are stored on secure servers situated on premises with protected and controlled access. Callers may assist the Controller to update and correct their personal data by communicating any change of address, qualifications, contact information, etc.

Who accesses personal data

Staff of the Controller belonging to the following categories are authorised to process data collected by the call centre: technical and administrative staff, IT staff, call centre staff, product managers etc., logistics staff,  as well as other staff members who require processing the data for performance of their job duties.

The Data can be communicated also in countries outside the EU (“Third Countries”), including to companies of the Menarini Group for the same purposes and/or for administrative and accounting purposes pursuant to Article 6.1.(f) and Recital 48 of the GDPR.

Additionally, the Data can be communicated, also in Third Countries, to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent consultants –working individually or in partnerships- and other third parties and providers which supply to the Companies commercial, professional or technical services (e.g., provision of IT and Cloud Computing services) for the purposes specified above and to support the Companies with the provision of the services you requested ; (iii) third parties in the event of mergers, acquisitions, transfers of business -or branches thereof-, audits or other extraordinary operations; (iv) any supervisory board of the Companies in the pursuit of its supervisory activities (e.g. the enforcement of the Menarini Group Code of Conduct). The mentioned recipients shall only receive the Data necessary for their respective functions and shall duly undertake to process them only for the purposes indicated above and in compliance with data protection laws. The Data can furthermore be communicated to the other legitimate recipients identified from time to time by the applicable laws. With the exception of the foregoing, the Data shall not be shared with third parties, whether legal or natural persons, who do not perform any function of a commercial, professional or technical nature for the Controller and shall not be disseminated. The parties who receive the Data shall perform processing as data controller, processor or persons authorised to process personal data, as the case may be, for the purposes indicated above and in compliance with the applicable data protection law.

Regarding any transfer of Data outside the EU, including in countries whose laws do not guarantee the same level of protection to personal data privacy as that afforded by EU Law, the Companies inform that the transfer shall in any event take place in accordance with the methods permitted by the GDPR, such as, for example, on the basis of the user’s consent, on the basis of the Standard Contractual Clauses approved by the European Commission, by selecting parties enrolled in international programmes for free movement of data  or operating in countries considered safe by the European Commission.

How callers may exercise their rights

Callers may at any time exercise the rights afforded by Articles 15-22 of the GDPR, including the right to know whether we process their personal data or not, check their content, origin, correctness, location (also with reference to any Third Countries), request a copy, request correction and in cases provided by law, restriction of processing, deletion, oppose to direct contact activities. Likewise, callers may always make observations on specific issues regarding processing operations of your personal data which you regard as incorrect or unjustified by your relationship with the Company by contacting Menarini’s DPO at dpo@menarini.com or lodge a complaint with the Belgian Data Protection Authority (Commission for the Protection of Privacy – Commission pour la protection de la vie privée – Commissie voor de bescherming of de persoonlijke levensfeer).