Data Protection Policy

Definitions

PCI: PCI Pharma Services
GDPR: The General Data Protection Regulation.
Data Protection Coordinator: the person responsible for data protection within PCI
Data Protection Register: a register of all systems or contexts in which personal data is processed by PCI Pharma Services.

PCI operates the pci.com website.

This page is used to inform website visitors regarding our policies with the collection, use, and disclosure of Personal Information if you decide to use our website.

If you choose to use our Website, then you agree to the collection and use of information in relation with this policy. The Personal Information that we collect are used for providing and improving our services. We will not use or share your information with anyone except as described in this Privacy Policy. 

1. Data protection principles

PCI is committed to processing data in accordance with its responsibilities under the GDPR.

Article 5 of the GDPR requires that personal data shall be:

  • Processed lawfully, fairly and in a transparent manner in relation to individuals;
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. 

2. General provisions

  • This policy applies to all personal data processed by PCI.
  • The Data Protection Coordinator shall take responsibility for ongoing compliance with this policy.
  • This policy shall be reviewed at least annually. 

3. Lawful, fair and transparent processing

  • To ensure its processing of data is lawful, fair and transparent, PCI shall maintain a Data Protection Register.
  • The Data Protection Register shall be reviewed at least annually.
  • Individuals have the right to access their personal data and any such requests made to PCI shall be dealt with in a timely manner. 

4. Lawful purposes

  • All data processed by PCI must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests
  • PCI shall note the appropriate lawful basis in the Data Protection Register.
  • Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
  • Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in PCI systems.

5. Data minimisation

  • PCI shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

6. Accuracy

  • PCI shall take reasonable steps to ensure personal data is accurate.
  • Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.

7. Archiving / removal

  • To ensure that personal data is kept for no longer than necessary, PCI shall put in placean archiving policy for each area in which personal data is processed and review this process annually.
  • The archiving policy shall consider what data should/must be retained, for how long, and why. 

8. Security

  • PCI shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
  • Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
  • When personal data is deleted this should be done safely such that the data is irrecoverable.
  • Appropriate back-up and disaster recovery solutions shall be in place.

9. Breach

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, PCI shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the supervisory authority and eventually to the affected individuals.

10. Contact with us

For a better experience while using our site, we may require you to provide us with certain personally identifiable information, including but not limited to your e-mail address, name, phone number and address. The information that we collect will be used to contact or identify you. If you contact us by means of a form on the website or by e-mail, your data will be stored for six months to process the request and in case of follow-up questions. We will not share this information without your consent.

11. How do we collect your data?

You directly provide PCI with most of the data we collect. We collect data and process data when you:

  • Use or view our website via your browser’s cookies.
  • Voluntarily contact us regarding pharmacovigilance matters or general issues.

12. How we use the personal data

PCI uses the collected personal data for various purposes:

  • To provide customer support
  • To gather analysis or valuable information so that we can improve our services
  • To detect, prevent and address technical issues
  • To comply with pharmacovigilance regulations

13. Legal basis for collecting and processing personal data

PCI legal basis for collecting and using the personal data described in this Data Protection Policy depends on the personal data we collect and the specific context in which we collect the information:

  • Processing your personal data is in PCI’s legitimate interests for the purposes of providing customer support
  • PCI needs to comply with the law when gathering pharmacovigilance information

14. Log Data

Whenever you visit our site, we collect information that your browser sends to us that is called Log Data. This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our site that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

15. Cookies

Our website uses so-called cookies. These are small text files that are stored on your device using the browser. They do no harm. We use cookies to make our offer user-friendly. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser on your next visit. If you do not desire this action to occur, you can set up your browser so that it informs you about the setting of cookies and you allow them only on a case to case basis. The deactivation of cookies may limit the functionality of our website.

For more information on cookies employed on this website, please see our Cookie Policy.

16. Data processing outside the EU / EEA

Your data is at least partly processed outside the EU / EEA. Data is processed in accordance with CloudFlare Data Processing Addendum.

17. Your rights

In principle, you have the rights to information, access, rectification, erasure, restriction, data portability and objection regarding your stored data. If you believe that the processing of your data violates the data protection law or otherwise your data protection claims have been violated in any way, you can complain to us at dataprotection@pci.com or before the data protection authority. You can reach us under the following contact details:

PCI Pharma Services

You can contact our Data Protection Coordinator under dataprotection@pci.com

18. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately, after they are posted on this page. 

Always growing, we are driving development and connecting commercialization, and with 4300 people in 30 global GMP facilities, we are local and global