PRIVACY POLICY of PEX Sp. z o.o.

1. General information

The “Privacy Policy” of PEX Ltd. (hereinafter “PEX” or “Administrator”) is intended to set out the methods by which PEX processes, collects, stores, uses and discloses personal data. PEX makes every effort to ensure that this “Privacy Policy” and PEX’s policies, practices and procedures ensure compliance with all European and Polish laws. “Privacy Policy” applies to all personal data received in electronic or paper form, including personal data of PEX employees and associates, job applicants, healthcare professionals, patients, marketing research respondents, customers, suppliers, service providers, contacts and business partners.

2. Details of the Data Controller and Data Protection Officer

The controller of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (hereinafter “RODO”) is PEX Sp. z o.o. with its registered office in Warsaw: ul. Migdałowa 4d/46, 02-796.

In matters relating to data processing and the exercise of data subjects’ rights, the Data Protection Officer appointed by the Controller may be contacted by directing correspondence to the email address: [email protected] or in writing to the Administrator’s registered office address indicated above. For more information on your rights: www.pexps.pl/obowiązekinformacyjnyRODO.

3. Ways of obtaining data

a) Personal data obtained directly from individuals. PEX shall in each case specify: the purposes, information on further recipients of the personal data or categories of recipients, the period for which the personal data will be stored and the rights of the data subject.

b) Personal data obtained as a service provider to clients. Clients are responsible for providing individuals with the necessary information and ensure that relevant consents are obtained.

4. Categories of data to be collected

a) Information related to marketing research (hereinafter “Research”). In the case of individuals (patients, carers, consultants, contractors) participating in Research carried out on behalf of clients, personal data may only be used for the purpose of conducting the Research and other necessary activities related to the Research and pharmacovigilance.

b) Healthcare professionals. PEX processes healthcare professionals’ data obtained directly from healthcare professionals and from business partners. Personal data may only be used for the purpose of conducting the Study and other necessary activities related to the Study and pharmacovigilance.

c) Human resources information. With regard to employees and collaborators, job applicants – personal data are processed for human resources processes, including but not limited to: recruitment and assessment of suitability for the position applied for, provision of benefits resulting from the cooperation, administration and management of employees and associates – their salaries, bonuses, Social Security benefits, as well as for administrative activities concerning the company’s operations.

e) Business contacts. PEX processes personal data such as contact details, job title, workplace name. This data may be used in resulting cooperation opportunities, which may include marketing activities aimed at selling and promoting PEX products and services and other business activities.

f) Senders of correspondence: PEX keeps records of correspondence with individuals including, for example, the type of correspondence or the details of the sender.

g) Users of the PEX website and web services. The systems and software of the services obtain data during use, the transmission of which is necessary during web communication protocols. The administrator does not aim to identify natural persons, but the information collected in conjunction with data held by third parties makes it possible to identify usage to some extent. These include, but are not limited to: cookies, IP address, domain name of the device being used, time of request, numerical code indicating the status of the server response.

5. Purposes, legal basis and data storage

The storage period indicated is the period necessary to fulfil the purpose of the processing.

Objective 1 Maintain the PEX website

– provision of content on www.pexps.pl and its sites, administration of the site, including compliance with legal obligations

– ensuring the security of the website, IT resources and personal data, as well as cyber security, including the security of messages sent through the website

monitoring the correct functioning of the site, obtaining anonymous or aggregated statistics on the use of the site in order to, inter alia, improve its functioning or analyse the traffic on the site

– management of a security incident in the event of a suspected offence using the site

Legal basis: legitimate interest of the Administrator (Article 6(1)(f) RODO) or consent given for cookies (Article 6(1)(a) RODO), performance of a contract (Article 6(1)(b) RODO) and legal obligation incumbent on the Administrator (Article 6, paragraph 1(c) RODO)

Storage period: the data contained in the cookies are stored for the duration of their storage on the user’s device until they expire or are deleted by the user

Objective 2 Direct contact and marketing

– communication in a face-to-face context or via remote communication channels, including teleconferencing via remote communication platforms such as MS Teams – depending on the consent given

– carrying out direct marketing of the Administrator’s own products and services, including, but not limited to, presenting offers by electronic means

Legal basis: legitimate interest of the Administrator (Article 6(1)(f) RODO) or consent given (Article 6(1)(a) RODO)

Storage period: for the period required by law or until such time as an objection is lodged or the consent is withdrawn

Purpose 3 To comply with the Administrator’s legal obligations

– to comply with the legal obligations incumbent on the Controller, as set out in particular in pharmaceutical, tax and accounting law, consumer law, Polish and European data protection legislation, among others:

monitoring the safety of medicinal products, where appropriate collecting information, reporting adverse reactions of a medicinal product or medical device or other information relating to the safety of a medicinal product.

– conclusion and performance of the contract, including pre-contractual activities, payment of remuneration and performance of legal obligations incumbent on the Administrator, including tax and accounting, controlling or auditing.

Legal basis: legal obligation on the Administrator (art.6, paragraph 1, letter c) RODO), necessity of processing for reasons related to ensuring high standards of quality and safety of medicinal products or medical devices (art.9, paragraph 2, letter i) RODO) and Polish legal regulations, including pharmaceutical, tax, accounting, consumer, personal data protection, and guidelines of regulatory and supervisory authorities. Necessity for the purposes of legitimate interests pursued by the Administrator or by a third party (Article 6(1)(f) RODO)

Retention period: until such time as an objection is lodged or consent is withdrawn, for the time required by law, for the duration of the marketing authorisation for the medicinal product to which the notified information relates and for 10 years after that authorisation expires.

6. Anonymity and security of personal data

PEX takes the utmost care to apply adequate technical, administrative and physical safeguards to protect processed personal data from loss, misuse and unauthorised access, disclosure, modification and destruction. To this end, PEX has implemented standard policies and procedures appropriate to the type of personal data and the nature of potential risks. Access to personal data is in each case limited to those persons for whom it is necessary in order to fulfil the purpose of the processing. All persons and entities authorised to process personal data are obliged to maintain confidentiality.

PEX uses security and anonymisation techniques to protect personal data and data encryption, in particular applies to computers, data storage media and systems and applications critical to the security of personal data. It applies to both physical and digital data.

Scroll to Top