| Adverse event | An unwanted, unintended or harmful event in relation to the use of a Key product. With respect to medical devices, it also includes “incidents” and for cosmetics “serious undesirable effects”. Only the term “adverse event” is used in this Privacy Notice. |
| Personal Data | Information in any format that can be used, directly or indirectly, alone or in combination with any other information, to identify a person. |
Ensuring patient safety is extremely important to Key and we take the safe use of all our products seriously. Key needs to be able to get in touch with people who contact Key about our products in order to:
This Privacy Notice describes how we collect and use Personal Data to help us:
The Notice is also applicable to medical devices, cosmetic products and other consumer products that Key markets, since the international regulations on such products require similar safety and quality monitoring.
We are committed to protecting your privacy. When a suspected adverse event concerning one of our products is reported to us, we will collect certain information (Personal Data) that can be used to identify you.
This Privacy Notice applies to information we collect from or about you online, by phone, fax, e-mail or post, or as part of the adverse event or quality reporting regulations applicable to Key. We may also collect this information about you through specific forms submitted by you on a site that is owned or controlled by Key.
If you are a patient, we may also be provided with information about you by a third party reporting an adverse event that affected you. Such third parties may include medical professionals, lawyers, relatives or other members of the public.
This Privacy Notice explains how we use the Personal Data we receive in connection with a suspected adverse event. It also explains your rights in relation to your Personal Data.
As the marketing authorisation holder of the medicinal product, Key is the “data controller” of the Personal Data we collect in relation to reporting suspected adverse events concerning one of our products. This means that we are responsible for decisions about the collection and use of Personal Data. It also means that we are responsible for responding to your questions and requests in relation to the Personal Data we hold about you.
Key is under a legal obligation to collect specific data for reasons of public interest in the area of public health. In accordance with law, pharmaceutical companies, as market authorisation holders of medicinal products, must retain adverse event reports for at least the time period of the market authorisation for the relevant medicinal products, plus 10 years. Therefore, personal information related to the safety of our products will be retained for this time period. However, if there are legal obligations for us to keep the data for longer, we may do this.
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, and we may use such information without further notice to you.
We collect Personal Data about you when you or a third party provides us with information in relation to an adverse event that affected you or someone else. Where you are reporting the adverse event yourself, please also refer to the Reporters section.
Pharmacovigilance (and other relevant) laws require us to take “detailed records” of every adverse event passed to us to allow the event to be evaluated and collated with other adverse events recorded about that product. The Personal Data that we may collect about you when you are the subject of an adverse event report is:
Some of this information is considered by law to be “sensitive Personal Data” about you. This information is only processed where relevant and necessary to document your reaction properly and for the purpose of meeting our pharmacovigilance, safety, and any other legal requirements. These requirements exist to allow us and international/national/local regulatory authorities to evaluate adverse events and make efforts to prevent similar events from happening in the future.
We collect information about you when you provide us with information in relation to an adverse event you report.
Pharmacovigilance (and other relevant) laws require us to ensure that adverse events are traceable and available for follow-up. As a result, we must keep sufficient information about reporters to allow us to contact you once we have received the report. The Personal Data that we may collect about you when you report an adverse event is your:
Where you are also the subject of a report, this information may be combined with the information you provide in relation to your reaction.
As part of our pharmacovigilance obligations, we may use and share Personal Data to:
Personal Data collected from you in accordance with this Privacy Notice may also be transferred to a third party in the event of a sale, assignment, transfer, or acquisition of the company or a specific product or therapeutic area, in which case we would require the buyer, assignee or transferee to treat that Personal Data in accordance with applicable data protection laws.
We may also share Personal Data with other pharmaceutical companies who are our co-marketing, co-distribution, or other license partners, where pharmacovigilance obligations for a product require such exchange of safety information.
We share information with national and/or regional authorities, as required, in accordance with relevant pharmacovigilance laws. We are unable to control their use of any information we share. However, in these circumstances we do not share any information that directly identifies any individual (such as names or contact information); we share only pseudonymised information.
We may publish information about adverse events (such as case studies and summaries). In this case, we will remove identifiers from any publications so that no individual can be recognised easily.
We may also share information with third parties that provide us with your Personal Data when making a report. This may include doctors or other healthcare professionals, distributors of our products or any person who reports an event on your behalf. They may receive Personal Data from us as we communicate with them about the adverse event report they have made. We will only share your Personal Data with these parties where we need to do this to meet our regulatory and industry obligations with respect to responding to suspected adverse event reports.
Because patient safety is so important, we retain all the information we gather about you as a result of an adverse event report to ensure that we can properly assess the safety of our products over time.
Note: For legal reasons, we cannot delete information that has been collected as part of an adverse event report unless it is inaccurate. Also, we may require you to provide proper identification before we comply with any request to access or correct Personal Data.
Under certain circumstances you have the right to:
We hope that we can satisfy any queries you may have about the way in which we process your Personal Data. If you have any concerns about how we process your Personal Data, you can get in touch with Key’s product complaints department at email@example.com.
If you have unresolved concerns, you also have the right to complain to the data protection authority in the location in which you are based.
Key has appropriate security measures in place to prevent your Personal Data from being accidentally lost or used, accessed, altered or disclosed in an unauthorised way.
Additionally, we take further information security measures including access controls, stringent physical security and robust information collection, storage and processing practices.
In addition, we limit access to your Personal Data by our employees and service providers, to individuals who have a legitimate need to know for the job or service they provide to us. They will only process your Personal Data on our instructions and are required to keep your Personal Data confidential.
We have procedures in place to deal with suspected data security breaches and will notify you and any applicable regulators of breaches in accordance with relevant legal requirements.
You can exercise your rights by contacting us using the contact information at the end of this Privacy Notice. We will always aim to help you when you wish to exercise your rights but, in some instances, we may have lawful grounds to reject your request.
We will investigate any request you make immediately and will respond to you within a month of your request. That period may be extended by us for a further two months where this is needed to help us respond properly (for example if the request is complicated for us to deal with and we need more time) but we will let you know the reasons for the delay.
If we decide to not take action on the request, we will inform you of the reasons for not taking action.
If you do not agree with a decision we make in relation to a rights request or believe that we are in breach of data protection laws, you can lodge a complaint with the relevant data protection regulator.
If we decide to change the substance of this Privacy Notice materially, we will post those changes through a prominent Notice on our website.
Personal Data is submitted to Key and is hosted and stored in databases on servers situated in Australia, which are owned and maintained by Key Pharmaceuticals Pty Ltd, an Australian limited liability company.
If, at any time, you have questions or concerns about this Privacy Notice, please e-mail firstname.lastname@example.org. We will use reasonable endeavours to answer your question promptly or resolve your problem.
Effective: February 2022