Privacy Policy

EFFECTIVE DATE: 18 December 2018 V01

PRIVACY POLICY – REMEDICA LIMITED

Introduction

Remedica Limited (referred to as “Remedica” or the “Company”) is committed to the protection of your privacy and security of your personal data. References in this Data Privacy Policy to “we”, “us”, “our” and ‘‘Remedica΄΄ are references to Remedica.

This Data Privacy Policy (referred to also as ‘‘Policy’’) explains the type of personal data that we collect, and, the manner and/or method that we collect, transfer, process, use and disclose your data, as well as, the security practices that we apply in order to protect them. Additionally, it contains information about third parties receiving your data, as well as, your rights under local applicable Data Protection Laws and the relevant European Regulation of General Data Protection (referred to as “GDPR”).

Certain key terms are used in this Policy such as ‘personal data’, ‘processing’, ‘data protection laws’, and, these are defined in the “Key Definitions” section included in Annex 1.

This Policy applies to:

  • Remedica’s Contractors,
  • Remedica’s suppliers, associates and partners.

Who controls the use of your personal data?

Remedica is a private limited company, situated in Aharnon Street, Limassol Industrial Estate, 3056, Limassol, Cyprus. Remedica, as per the definitions and principles of the relevant legal and/or legislative framework, acts under the capacity of the ‘data controller’, since, it collects personal data for the purposes described in this Policy.

Compliance with principles of Data Protection Laws

Remedica adheres to the principles of Data Protection Laws, and, as a result, your personal data will be:

  • Processed lawfully, fairly and in a transparent manner;
  • Collected for specified, explicit and legitimate purposes;
  • The collection of your personal data shall be adequate, relevant and limited to what is necessary;
  • Accurate and up-to-date;
  • Kept for no longer than is necessary for the specified purpose or purposes; and
  • Processed in a manner that maintains the integrity and confidentiality of your data.

Personal data collected by Remedica:

The type of data that Remedica may collect (both paper or electronic format), where appropriate and permitted by applicable Data Protection Laws, may include among other:

  • Contact details, including name and surname, address, telephone number and email;
  • Identification information, including date of birth, passport number, sex, ID number, and other information relevant to your identification;
  • Financial information, including bank account numbers, VAT registration number, social insurance number, credit/debit card numbers, other financial information required for receiving payments and fraud prevention;
  • Business related information, information provided to us in the course of our contractual relationship with you and/or your organization associated with Remedica’s commercial affairs;
  • Recruitment related information, including curriculum vitae, educational or professional background, relevant academic certificates and/or certifications, job title, employment history and other information relevant to potential recruitment; and/or
  • Any other categories of personal data you may provide to us in the course of our business relationship.

Special categories of data collected by Remedica include:

  • Data regarding the health of an employee connected with sick leave or attendance at medical appointments;
  • Data regarding the health of individuals visiting Remedica offices where such information is required to facilitate their visit/participation taking into consideration the specific industry within Remedica operators (e.g. information on disability or special dietary requirements).

Where do we collect personal data from?

Most of the personal data will be collected through your interaction with us. Certain personal information (name, job title, business email address, business address and/or mobile phone number) may be provided to Remedica by third parties (such as your employer) on your behalf, for the purpose of contacting you in connection to matters associated with Remedica’s legitimate business activities. Remedica may also collect personal data from publicly-available sources such as a company website, commercially published directory, etc.

Website Cookie Policy

Remedica’s cookie policy is available and accessible at http://www.remedica.eu/cookie-policy/.

Legal basis for processing your information

According to the Data Protection Laws, we are required to ensure that there is an appropriate basis/ground for the processing of your personal data, and we are required to inform you of this accordingly. The main primary bases upon which we process your personal data are the following:

  • Performance of a contract or agreement with you– we collect and use your data primarily for the purpose of managing our working relationship with you, for example, in order to provide services, to communicate with you, and, otherwise to fulfil any contractual obligations owed to you.
  • Where required by applicable law– Remedica may be required under local laws to maintain records that can include personal information, such as mandatory reporting. In particular, Remedica processes personal data relating to suppliers, manufacturers, marketing authorization holders, wholesalers, associates, customers, and, persons authorized or entitled to supply medicines to the public, and, other relevant parties, as per their capacity as the legal and/or authorized representatives of the legal entity and/or organization where they are employed and/or which they represent,
  • Initiation, establishment, exercise or defense of in court or out of court legal procedures.
  • To fulfil our legitimate business interests– Remedica also may process your personal data to pursue its legitimate business interests, which shall include planning for, conducting and monitoring the activities of Remedica, providing service information, etc.
  • Where you have consented– for certain types of information, Remedica may rely on your consent in order to use such information. Our policy is to keep to the minimum extent necessary, any data where the basis for processing is your consent.  In that event, you will have been asked for your explicit and specific consent, and you will be entitled to withdraw your consent at any time by contacting us using the contact details at the bottom of this policy. Please note that if you withdraw your consent we may not be able to continue providing you with the service to which the consent related.

Remedica will only use your data for the purpose(s) for which it was initially collected, unless we reasonably consider that we need it for another purpose, we will notify you in advance of our use of your data and explain the legal basis for this. Note that we may process your data without your knowledge or consent where this is required or permitted by applicable law. Remedica does not carry out automated decision-making processes with personal data.

Personal data of other individuals

In case you provide us with personal data relating to other individuals, you must ensure that the said individuals understand how their personal data will be used and processed by us. It is your responsibility to inform the said individuals about the content of this Policy and ensure that they have understood and accepted how their personal data will be processed.

 With whom do we share your personal data?

Remedica, currently does not transfer personal data outside the European Economic Area, excluding the below mentioned, which is in association with Remedica’s parent/holding company i.e. Ascendis Health. In case we transfer your personal data to countries not providing an adequate level of personal data protection, we will take steps to ensure that personal data transferred is subject to appropriate safeguards, such as entering into duly approved and/or legislatively accepted data transfer agreements.

Remedica and, Ascendis Health (as the parent/holding company of Remedica) has a legitimate interest, in processing such personal data, for the purpose of implementation of an integrated HR system, and, for the carrying out of their functions as per the capacity of the employer. Such processing is in compliance with the European Union and Cyprus laws governing the processing of personal data.  The transfer of personal data from Remedica to Ascendis Health is carried out on the basis that:

  • Remedica and Ascendis Health have entered into an appropriate Data Transfer Agreement (based on standard contractual clauses for the transfer of personal data from the Community to third countries (controller to controller transfers));
  • The arrangement having been approved by the Cyprus Commissioner for Personal Data Protection.

The Controllers of the Personal Data are the following:

(1) Remedica Ltd, Aharnon Street, Limassol Industrial Estate, 3056 Limassol, Cyprus, represented by the Data Protection Officers, Mrs. Despina Nicolaou, and, Mrs. Elina Skoullou, at [email protected]
Direct Telephone: +357 25553113, and, +357 25553221

(2)  Ascendis Health Ltd, 31 Georgian Crescent East, Bryanston, South Africa, represented by Mr. Darren Berman

Retention of personal data

Remedica will retain your personal data in accordance with its record retention policy. This policy operates on the principle that we keep personal data for no longer than is necessary, for the purpose for which, this was initially collected. It is also kept in compliance with any and/or all legal requirements that are imposed upon Remedica. This means that the retention period of your personal data, will vary, depending on the type of personal data which is retained. The below criteria are applied for the purpose of determining retention periods:

  • Statutory and regulatory obligations – we have certain statutory obligations to retain personal data for set periods of time.
  • Business requirements – As we only collect personal data, for defined purposes, we assess how long we need to keep personal data in order to meet our reasonable business purposes.

Remedica will permanently delete your personal data when the relevant retention period has expired.

 Security

Remedica takes the security of your data very seriously, and, has implemented an information security procedure which describes the technical, procedural, and, physical measures in place, which aim to the protection of your data from loss, misuse and unauthorized access or disclosure. Remedica, also maintains reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete and current/up to date. Employees who handle personal data are trained on the information security policy and on how to correctly collect, process, store and delete data in accordance with this Data Privacy Policy.

The Company operates a closed-circuit television CCTV system for the purpose of ensuring the safety and security of our premises, the manufacturing process, and, pharmaceutical products. In some areas, we are mandated by the law to operate a CCTV system as it forms part of a secure ‘bonded area’. All areas subject to CCTV recordings are clearly marked and cover entrances, exits, hallways and manufacturing facilities. CCTV recordings may be used for the investigation of suspected criminal activities such as theft, damage to property, and, vandalism. No CCTV cameras are installed in areas where there is a reasonable expectation of privacy.

Certain doors are fitted with access control features which retain information such as timestamps (when a card is wiped) and card number. The information retained is only used for the safety and security of the Company’s premises and pharmaceutical products.

Your obligations

  • Should you be aware of any data breach affecting any data held by the Company, please report this to the appointed Data Protection Officer of Remedica, whose contact information is announced in Remedica’s website, and, may be found also herein below.
  • Employees who process personal data on behalf of the Company have a duty to follow the General Data Protection Regulation and all policies enacted by the Company ensuring compliance thereto.

Your rights

You have various rights under Data Protection Laws, subject to certain exemptions, in connection with the processing of your personal data:

  • Right to access the data – You have the right to request a copy of the personal data that we hold about you, together with other information in connection to our processing of that personal data.
  • Right to rectification– You have the right to request that any inaccurate data which is held about you is corrected, or, if the retained information is incomplete, you may request that we update the information, in such a manner, so that it is rendered complete.
  • Right to erasure– You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the ‘right to be forgotten’.
  • Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or, to object to our processing of your personal data for particular purposes.
  • Right to data portability– You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.
  • Right to complain – You have the right to lodge a complaint with the Data Protection Authority if you are unhappy with our processing of your personal data.
  • Right to withdraw your consent– When we process your personal data on the basis of your consent, you are free to withdraw that consent, at any time, by contacting us, using the contact details below. Please note that if you withdraw your consent we may not be able to continue providing you with the service to which the consent is related.

In order to exercise any of these rights, please get in touch using the contact details set out below.

Changes to this Policy

The provisions of this Data Privacy Policy may be amended by Remedica from time to time so as to reflect any possible amendments to the relevant legal, legislative, and, regulatory framework. Any alteration or addition will be posted on our website at www.remedia.eu.

Queries and complaints

Remedica has appointed  Data Protection Officers (DPOs) which you can contact if you have any queries or complaints in connection with our processing of your personal data, using the following contact details:

Mrs. Despina Nicolaou, and, Mrs. Elina Skoullou,

at [email protected]
Direct Telephone: +357 25553113, and, +357 25553221
P.O. Box 51706, 3508 Limassol, Cyprus

You have the right to lodge a complaint to the Office of the Commissioner for the Protection of Personal Data below, if you believe we have not complied with the requirements of the GDPR with regard to your personal data.

1 Iasonos str., 1082 Nicosia

P.O.Box 23378, 1682 Nicosia

Tel: +357 22818456

Fax: +357 22304565

Email: [email protected]

Annex 1 – Key Definitions: 

“Data Protection Authority” means the Cypriot Data Protection Commissioner which is the supervisory authority in the Republic of Cyprus.

Data Protection Laws mean the General Data Protection Regulation (EU) 2016/679 (“GDPR”), The Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of Such Data Law 125(Ι)2018 as amended and any EU or national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the Republic of Cyprus and any successor legislation to the GDPR.

“Consent” of the data subject means any freely given, specific, informed unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her – such as a written/electronic statement or an oral statement.

“Data Controller” means the legal person and/or organization which determines the purposes, and, means of the processing of personal data,

“Data Processor” means a person or company which processes personal data on behalf of the Data Controller,

 “Personal Data’’ or ‘‘Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; “processing” means any operation which is performed on personal data, where automated or not, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure or destruction. 

“Special Categories of Data” mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data and data concerning health or a person’s sex life or sexual orientation.