HCP PRIVACY NOTICE – Ireland - Post 27th September 2021
Last updated 27th September 2021
INTRODUCTION
This Privacy Notice for Health Care Professionals (“HCP Privacy Notice” or “Privacy Notice”) describes how Pfizer Healthcare Ireland, as Data Controller, (hereinafter, “Pfizer”, “us” or “we”) collect about you as a healthcare professional (“HCP”) when we interact with you; how we use that data; how we protect it; and the choices you may make with respect to your Personal Data. We encourage you to review this HCP Privacy Notice and click on the available links or select “Learn More” if you want additional details on a particular topic.
As a member of the Irish Pharmaceutical Healthcare Association ("IPHA"), we are required to disclose details of transfers of value we make to HCPs, directly or indirectly to the IPHA, in accordance with our obligations under the IPHA Code of Practice (the Code). This transfer of value data will be published by the IPHA on www.transferofvalue.ie. The IPHA will be an independent Data Controller in respect of such personal data as hosted on this site. The IPHA's privacy notice is available on www.ipha.ie.
If you are interacting with us online, please also see the privacy notice posted on the website or application that you are using.
PERSONAL DATA WE COLLECT
“Personal Data” is data that identifies you as an individual or relates to an identifiable individual. We will collect Personal Data when we meet with you, when you participate in our programs, activities, industry events, trade shows, or in connection with your inquiries and communications with us. We also collect Personal Data from data companies providing information services in the healthcare sector, publicly accessible sources of professional information, and joint marketing partners.
In addition, we collect Personal Data each time you are given or benefit from a direct or indirect transfer of value from us (whether in cash, in kind or otherwise, made, whether for promotional purposes or otherwise, in connection with the development and sale of prescription-only medicinal products exclusively for human use), which is disclosed to, and published by, the IPHA on www.transferofvalue.ie
Learn More
Personal Data that we may collect includes:
· Name
· Contact information (postal address, telephone numbers, email address, fax number)
· Your preferred language
· Professional photograph
· Your interests (such as in health care topics about which you request information from us)
· Professional biography including data related to your education, licensures, specialties, professional affiliations (e.g., memberships in medical societies or HCP networks), publications, credentials, and other professional achievements
· Data related to your use of our products, your interactions with us, your preferred method of communications with us, and services for those you care for
· Financial and banking data that you provide to us to pay you for services and provide reimbursement for professional fees, travel, accommodation and out of pocket expenses
· National ID number, passport number, tax identification number
· Travel preferences
- Transfer of value data for our reporting purposes (including your name, professional address, and email address).
- Details of transfers of value you benefit from, for the purposes of disclosure to, and publication by, the IPHA on www.transferofvalue.ie where there is a legal basis for individual disclosure. This data includes your name, address, and total value of interactions in a calendar year by reporting category. The reporting categories are set out on www.transferofvalue.ie, and include details of contribution towards costs of events, and fees for service and consultancy.
When you are asked to provide Personal Data, you may decline. But if you choose not to provide Personal Data that is necessary for us to provide requested services or perform our contractual obligations, we may not be able to provide you those services or perform those contractual obligations.
If you provide or permit us to collect any Personal Data relating to another person, including adverse event data, you are telling us that you have the authority to share that data and to permit us to use the data as described in this HCP Privacy Notice.
HOW WE USE PERSONAL DATA
The purposes for which we use your Personal Data and the legal basis for why that processing is necessary or permitted are:
|
Purpose(s) for Processing |
Legal Basis
|
|
Responding to your inquiries and your request
|
(a) To fulfil our obligations to you under our contract with you or (b) to support our legitimate interests in organising events, managing and improving our business and services, and providing services provided such interests are not overridden by the rights and interests of the data subjects concerned
|
|
Enforcing the contractual terms and conditions that govern our relationship with you (e.g., medical events, publications, advisory meetings, etc.) and, where applicable, paying you for defined or agreed upon services or reimbursing your expenses, planning calls, meetings, trips and other related interactions with you, sending administrative information to you, and documenting our interactions with you |
To fulfil our obligations to you under our contract with you |
|
Creating and maintaining Pfizer’s database of health care providers |
To support our legitimate interests in identifying and, if applicable, engaging with you (by digital or other means) as a scientific expert or a key opinion leader in various health care fields based on your professional expertise and opinions, and where applicable, your past interactions with us, such as: · inviting you to attend congresses/panels, HCP professional meetings and educational activities
· reaching out to you for your professional expertise by communicating information about our products through our professional representatives or in the context of surveys relating to pharmaceutical products or services.
|
|
Complying with our regulatory monitoring and reporting obligations, including those related to adverse events, product complaints and product safety
|
To comply with our legal obligations |
|
Verifying your eligibility to access certain products, services and data that may be provided only to licensed HCPs or otherwise conducting background checks to ensure we are not precluded from working with you
|
To comply with our legal obligations |
|
Conducting training and ensuring quality control
|
To support our legitimate interests in managing our business, providing and improving our services, provided such interests are not overridden by your rights and interests |
|
Detecting, preventing, or investigating misconduct
|
To support our legitimate interests in managing our business, providing and improving our services, provided such interests are not overridden by your rights and interests |
|
Complying with anti-corruption and transparency obligations
|
To comply with our legal obligations
|
|
Analysing or predicting HCP preferences
|
To support our legitimate interests in identifying aggregated trends to develop, improve or modify our products, services and business activities |
|
Protecting our rights, privacy, safety or property, and/or that of our affiliates, you or others
|
To support our legitimate interests in managing our business and providing our services provided such interests are not overridden by your rights and interests |
|
Providing you with marketing and promotional communications on scientific/health matters (by digital means or otherwise), which may be personalized to your professional area and interests |
(a) To support our legitimate interests in managing our business and providing our services provided such interests are not overridden by your rights and interests or (b) consent – which you can withdraw at any time without affecting the lawfulness of processing based on consent before its withdrawal |
|
Disclosing details of transfers of value you benefit from to the IPHA (including your name, address, contribution towards costs of events, and fees for service and consultancy in each calendar year) These details are disclosed to and published by the IPHA on www.transferofvalue.ie pursuant to the IPHA Code of Practice for the Pharmaceutical Industry ("IPHA Code") for the purposes of ensuring transparency and accountability in our relationships with HCPs)
|
To support our legitimate interests, and those of the IPHA, including:
· Decreasing any perception of influence on HCPs by the pharmaceutical industry;
· Promoting a culture of integrity of transactions between pharmaceutical companies and HCPs;
· Increasing public and patient confidence in the integrity and independence of HCPs (itself essential for generating confidence in those relationships and their proper functioning);
· Ensuring compliance by the pharmaceutical industry with legislative and Code restrictions in relation to advertising and promotion.
· Demonstrating transparency in relation to the industry’s relationships with HCPs;
· Showing accountability in these relationships and compliance by the industry and HCPs in relation to their legal obligations not to provide (on one hand) or accept (on the other hand) inducements to prescribe;
· Promoting confidence on the part of the public and on the part of stakeholders (e.g. regulators, managers of public health services, Government) in the legitimacy and bona fides of the engagements between the industry and HCPs; and
· Providing assistance in avoiding conflicts of interest.
|
Learn More
HOW WE DISCLOSE PERSONAL DATA
We disclose Personal Data as follows:
- To other Pfizer companies (visit here for a list of our companies) for the purposes described in this HCP Privacy Notice.
- To our third party service providers, to provide services such as data analysis, data technology and related infrastructure provision, customer service, auditing and other services.
- To data companies providing information services in the healthcare sector to ensure your data remains up to date and accurate.
- To other companies with which we collaborate regarding joint development, distribution and/or marketing of particular products or services.
- To comply with a regulatory requirement, judicial proceeding, court order, government request, or legal process served on us.
- To take legal action or otherwise protect the safety, rights, or property of our customers, the public, Pfizer and our affiliates.
- To prepare, complete and implement any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- To companies that were formerly wholly or partly included in the Pfizer family of companies to whom we provide services during a transition period following separation.
- Personal data relating to transfers of value will be disclosed to the IPHA in accordance with our obligations under the IPHA Code, and made publicly available on the website www.transferofvalue.ie. Such Personal Data includes your name, address, and total value of interactions in a calendar year by reporting category. The reporting categories include details of contribution towards costs of events, and fees for service and consultancy. The IPHA will be an independent Data Controller in respect of such data. The IPHA's privacy notice is available at www.ipha.ie. (See also Contact IPHA below).
Learn More
DATA SUBJECT RIGHTS
You have the right to request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions laid down by law. The following is a summary of your rights:
o The right of access enables you to receive a copy of your personal data
o The right to rectification of data enables you to correct any inaccurate or incomplete personal data we hold about you
o The right to erasure of personal data enables you to ask us to delete your personal data in certain circumstances, including where there is no compelling reason for us to keep using it
o The right to restrict processing of personal data enables you to ask us to halt the processing of your personal data in certain circumstances, including where the accuracy of the data is contested, or the processing of the data is unlawful
o The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible and
o The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party), including processing for direct marketing purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the exercise or defence of a legal claim.
When we process personal data, you provide to use based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to lodge a complaint to a data protection authority in the country of your residence, place of work, or place of an alleged infringement if you consider that our processing of your personal data infringes the GDPR (See Complaints below).
If you wish to exercise any of these rights, please contact us (see Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.
These rights can also be exercised in respect of personal data for which the IPHA is the controller. Insofar as the exercise of these rights concern transfer of value personal data which are made publicly available on www.transferofvalue.ie, the IPHA is the data controller. See Contact IPHA below if you wish to contact them to exercise your rights.
DATA SECURITY
We seek to use appropriate organizational, technical, and administrative measures to protect your Personal Data from unauthorised access and use. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.
RETENTION PERIOD
We will retain your Personal Data only for as long as necessary in light of the purpose(s) for which it was obtained and as outlined in this Privacy Notice. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, or litigation or regulatory investigations).
In regard to transfer of value data, the IPHA Code requires member companies, including us, to document all transfers of value required to be disclosed, and maintain the relevant records of the disclosures for a minimum of 5 years after the end of the relevant reporting period.
Transfer of value disclosures will be publicly available for a period of 3 years after publication on www.transferofvalue.ie, after which they will be deleted by the IPHA.
CROSS BORDER TRANSFERS
The Personal Data we collect, including transfer of value data relating to you, may be stored and processed in any country where we have facilities or in which we engage service providers, including in the U.S. and where our affiliates operate.
We shall transfer personal data to non-EEA countries which are recognised by the European Commission as providing an adequate level of data protection under Article 45.1 of the GDPR (the full list of these countries is available here). For transfers to non-EEA countries not considered as considered adequate by the European Commission, we shall put in place appropriate safeguards to protect the privacy and integrity of your personal data, including standard contractual clauses under Article 46.2 of the GDPR. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).
DATA OF MINORS
The Site is not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Data from such individuals. If you are under the relevant age of consent in your jurisdiction, you will need your parent’s or legal guardian’s permission to use the Site. Please consult with your parent or legal guardian before using the Site.
If you are providing us with Personal Data of individuals under the age of sixteen (16), you represent that you have the appropriate authority to do so, and that you can demonstrate such authority to Pfizer upon request.
CONTACT US
The company responsible for collection, use and disclosure of your Personal Data under this Privacy Notice is Pfizer Healthcare Ireland 9 Riverwalk, National Digital Park, Citywest Business Campus, Dublin 24
If you have questions about this Privacy Notice, please contact us at DataProtectionIreland@pfizer.com.
If you would like to request to exercise any individual rights, please contact us at www.pfizer.com/individualrightsgdpr or write to the following address: Pfizer Healthcare Ireland , 9 Riverwalk, National Digital Park, Citywest Business Campus, Dublin 24.
If you have any questions in relation to our collection, use and disclosure of transfers of value data, or if you would like to exercise any individual rights in relation to such data, you may also contact us at PfizerHCPTransparencyReporting@pfizer.com or write to us at the above address.
You may also contact our data protection officer responsible for your country or region, if applicable. To find their contact information, visit DPO.Pfizer.com.
CONTACT IPHA
The IPHA can be contacted at Irish Pharmaceutical Healthcare Association, 7 Clanwilliam Terrace, Dublin 2, D02 CC64 or by Telephone at (353 1) -661 0018 or by email at info@ipha.ie. The IPHA privacy notice can be found at www.ipha.ie
COMPLAINTS
You have the right to lodge a complaint to a data protection authority in the country of your residence, place of work, or place of an alleged infringement if you consider that our processing of your personal data infringes the GDPR. In Ireland, this is the Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland (www.dataprotection.ie). Any data processing by the IPHA will also be supervised by the Irish Data Protection Commission.
UPDATES
From time to time, we will update this HCP Privacy Notice. Any changes will become effective when we post the revised Privacy Notice on the Site. This Privacy Notice was last updated as of the “Last Updated” date shown above.