1.- DATA CONTROLLER
1.1.- Who is responsible for processing your data?
Identity: Laboratorios Ojer Pharma, S.L. (Data controller)
Postal address: Sancho el Mayor 2, 1º Izda. 31002 · Pamplona (Navarra).
Telephone number: 948 281 776
2.1.- What will the Data Controller use my data for?
The data you provide us with may be used by the Data Controller for one or more of the purposes indicated below, which will be determined by factors such as your relationship with us (e.g. customer) or by the means used to send the data (e.g. through the contact form).
When you contact us through the section "Pharmacovigilance" on our website to request information regarding medications or make a claim, we will use your information in order to manage and resolve your request.
To send you commercial communications related to the services and activities offered by the Data Controller and that fall within your reasonable expectation with regards the services previously contracted. This processing may cease if you object to it.
Requests for information:
When you contact us, for example, giving us your business card at a trade fair, using the contact form on our website, by telephone, fax, e-mail, messenger services, social networks, telephone or even in person, to request information or query anything, to make a suggestion, complaint or claim, we will process your data in order to respond to the request for information and/or query you have put forward, with the appropriate management and scope and in order to keep you informed of any relevant new developments. This operation may include the use of the data received for producing proposals for services and/or collaboration, in the event that the request is related to such issues.
If you were the representative of a company, your data will be processed in order to maintain the relationship or meet the request of the legal entity.
2.2.- How long will you keep my data?
The amount of time we will keep your data for is closely linked to the type of processing it will undergo.
In this respect, we would like to inform you that in general terms we will process the data for as long as we have a legal relationship with you or until you object to such processing.
Once the period indicated above has expired, we will keep your data to one side, unless otherwise obliged by regulations, until the complete time period for any possible actions that may arise has expired. These terms may be determined, among other issues, by the law applicable to the relationship between the parties.
3.- LEGITIMISATION OF PROCESSING
3.1.- Why can the Data Controller process my data? Why is this legitimate?
Depending on the relationship that is established and, therefore, the purpose of the processing, the legal basis may vary. Below is a list of the different situations that may arise and the legal basis that may apply to you depending on the processing:
Pharmacovigilance: This treatment will be legitimized by virtue of the consent given by you at the time of sending your request for information and / or your claim.
Sending commercial communications: Pursuant to the current legislation in force and having considered our interests and your rights, we hereby inform you that we have a legitimate interest in processing your data in order to send you commercial communications related to the services you have contracted with us (notwithstanding the fact that you may oppose this processing at any time).
ATTENDING TO REQUESTS FOR INFORMATION:
Attending to requests for information: This processing is allowed by means of your consent given either when sending your request for information and/or assistance, or when giving your data to our company personnel by any means used for this purpose (business cards, in person).
We are entitled to process your data under the terms of your consent given when you start to browse our website.
In this case, considering the balance between our interests and your rights, we inform you that we hold a legitimate interest in the processing of your personal data for the purpose established in point 2.
3.2.- Consequences of withdrawing your consent or opposing the processing of your data. Mandatory and optional fields.
In the event that you are asked at any time to give your authorization for the processing of a purpose for which your consent is required, failure to give your consent (or the subsequent withdrawal of consent) will not affect you in any way. Neither will your opposition to the processing of your data for purposes based on legitimate interest (for example, the use of your data as a customer for sending commercial communications).
On some data collection forms, you will clearly see that some fields are marked as mandatory (with an asterisk) while the rest are absolutely optional. Therefore, there will be no repercussions if you leave the optional fields blank, although you may fill them in if you so wish.
4.1.- Will my data be passed on to third parties?
In general, your data will not be passed on to any third party without your explicit and affirmative consent, unless we are legally obliged to do so.
In any case, some communications and / or transfers of data to third parties can be given by certain rules, for example, fiscal. Other communications and / or transfers will be a necessary consequence of the provision of the service (for example, to resolve your Pharmacovigilance doubts and claims, your data may be transferred to our specialized suppliers with whom we have signed the corresponding Treatment Manager contract fulfilling the requirements of article 28 RGPD.
4.2.- Providers of services related to the website and the e-mail service.
Hosting: the website of the Data Controller is hosted by the provider Dinahosting S.L.
5.1.- What are my data protection rights? General information.
With regards the personal data collected for processing you are entitled to exercise your rights of access, rectification, deletion and portability. We also inform you that in certain circumstances you will have the right to request a limitation or to oppose the processing of your data in which case the Data Controller will stop processing and will only retain the data if legally required to do so or until the statute of limitations for any actions that may arise has expired.
If you would like more information about the aforementioned rights please continue reading or consult the infographic produced by the Spanish Data Protection Agency that can be accessed via the following link.
5.2.- What are these rights?
Right of access: This right allows the data subject to obtain confirmation from the Data Controller as to whether or personal data concerning him is being processed and, if so, the right of access to the personal data as well as to the following additional information:
Right of rectification: This right entitled the data subject to request the Data Controller to rectify or supplement inaccurate personal data without delay. It is important that the data held in the databases is up to date and in this regard, we are ready and willing to rectify any errors or inaccuracies that may exist in the data.
Right to deletion: You are entitled, at any time, to ask us to delete your personal data. We will comply with such a request without delay unless any of the circumstances set out in the General Data Protection Regulations apply, including the fact that we must retain your data in order to comply with a legal obligation or so we are able to defend ourselves against a claim.
Right of portability: In the case of automated data based on your consent, you may request that we, in a structed, commonly used and machine-readable format, forward the personal data you have provided to another data controller.
Right of objection: This right entitles the data subject to object to the processing of his data by the data controller. This right is not absolute, which means that the data controller may continue to process the data provided that he can prove legitimate reasons that prevail over his interests, the rights of the data subject or for the submission, exercise and defense of claims.
Right to limit processing: This right entitles the data subject to request the data controller to limit the processing of his personal data under certain circumstances, as indicated below. If this right is exercised, the data controller may only process the data with the consent of the data subject. The circumstances under which this right may be exercised are those listed below:
5.3.- How and where can I exercise these rights?
We will be happy to answer any questions or complaints you may have regarding data protection. Similarly, you may submit your complaint or exercise your rights through any of the contact channels indicated at the beginning of this data protection policy.
You may also contact the supervisory authority which you consider appropriate to file your complaint (for example, in the country where you have your usual residence or place of work or where you consider the alleged infringement to have occurred). To this effect, we hereby inform you that in the Spain the Controlling Authority is the Spanish Data Protection Agency, and you may exercise your rights via the forms authorized by this entity for this purpose, and which are available on its online site.
5.4.- How long may it take to process my request to exercise my rights?
The reference period is one month from the receipt of your request. However, this period may be extended by a further two months if necessary, considering the complexity and number of requests. The Data Controller will inform the data subject of any such extension within one month of receipt of the request, stating the reasons for the delay.
5.5.- Will it cost me anything to exercise these rights?
It will not cost you anything to exercise your rights, except in the case of manifestly unfounded or excessive requests, in particular repetitive requests, the Data Controller may charge a fee to compensate for the administrative costs of dealing with the request or refusing to act (the fee must not imply extra revenue for the data controller, but must correspond effectively to the true cost of processing the request).