PCI: PCI Pharma Services
GDPR: The General Data Protection Regulation.
Data Protection Coordinator: the person responsible for data protection within PCI
Data Protection Register: a register of all systems or contexts in which personal data is processed by PCI Pharma Services.
PCI operates the pci.com website.
This page is used to inform website visitors of our policies on the collection, use, and disclosure of Personal Information if you decide to use our website.
1. Data protection principles
PCI is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
2. General provisions
- This policy applies to all personal data processed by PCI.
- The Data Protection Coordinator shall take responsibility for ongoing compliance with this policy.
- This policy shall be reviewed at least annually.
3. Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, PCI shall maintain a Data Protection Register.
- The Data Protection Register shall be reviewed at least annually.
- Individuals have the right to access their personal data and any such requests made to PCI shall be dealt with in a timely manner.
4. Lawful purposes
- All data processed by PCI must be processed on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
- PCI shall note the appropriate lawful basis in the Data Protection Register.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in PCI systems.
5. Data minimisation
- PCI shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- PCI shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
7. Archiving / removal
- To ensure that personal data is kept for no longer than necessary, PCI shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
- PCI shall ensure that personal data is stored securely using modern software that is kept up to date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, PCI shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the supervisory authority and eventually to the affected individuals.
10. Contact with us
For a better experience while using our site, we may require you to provide us with certain personally identifiable information, including but not limited to your e-mail address, name, phone number and address. The information that we collect will be used to contact or identify you. If you contact us by means of a form on the website or by e-mail, your data will be stored for six months to process the request and in case of follow-up questions. We will not share this information without your consent.
11. How do we collect your data?
You directly provide PCI with most of the data we collect. We collect data and process data when you:
- Use or view our website via your browser’s cookies.
- Voluntarily contact us regarding pharmacovigilance matters or general issues.
12. How we use the personal data
PCI uses the collected personal data for various purposes:
- To provide customer support
- To gather analysis or valuable information so that we can improve our services
- To detect, prevent and address technical issues
- To comply with pharmacovigilance regulations
13. Legal basis for collecting and processing personal data
PCI's legal basis for collecting and using the personal data described in this Data Protection Policy depends on the personal data we collect and the specific context in which we collect the information:
- Processing your personal data is in PCI’s legitimate interests for the purposes of providing customer support
- PCI needs to comply with the law when gathering pharmacovigilance information
14. Log Data
Whenever you visit our site, we collect information that your browser sends to us that is called Log Data. This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our site that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
16. Data processing outside the EU / EEA
Your data is at least partly processed outside the EU / EEA, namely in our affiliate companies in XYZ Country and ABC Country.
A series of data are transmitted to our affiliate in XYZ Country for the provision and performance of IT services, including but not limited to server administration, IT support, system and data backup. The appropriate level of protection results from standard contractual clauses according to Art. 46 para. 2 lit. c of the General Data Protection Regulation. You have the option to receive a copy of them on request.
Likewise, the affiliate in XYZ Country subcontracts part of its obligations under article 11 of the standard contractual clauses, with the consent of the data exporter, for purposes of:
- server mirroring and backup as part of its disaster prevention and business continuity plan, through a server located in XYZ Country.
17. Your rights
In principle, you have the rights to information, access, rectification, erasure, restriction, data portability and objection regarding your stored data. If you believe that the processing of your data violates the data protection law or otherwise your data protection claims have been violated in any way, you can complain to us at firstname.lastname@example.org or before the data protection authority. You can reach us under the following contact details:
PCI Pharma Services
You can contact our Data Protection Coordinator under email@example.com
May 25, 2023
May 18, 2023