Customer Privacy Policy

This privacy policy (the “Policy”) covers the use of personal data concerning end users (“you”, “your”) by SERB SA, whose registered office is located at avenue Louise 480, 1050 Brussels, Belgium (hereinafter referred to as the “Company”, “we”, “us”, “our”).

1. Our data protection commitments
2. What processings do we perform?
3. How do we collect your data?
4. With whom do we share your data?
5. How is the outsourcing of your data managed?
6. Are your data transferred outside the European Economic Area?
7. What are your rights?
8. How do we guarantee the security of your data?
9. Questions and complaints
10. Miscellaneous

1. WHAT ARE OUR DATA PROTECTION COMMITMENTS?

1.1

The Company is committed to making data protection and privacy a key value.

1.2

The Company undertakes to use its best efforts, when processing personal data, to comply with applicable data protection legislation, including Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation” or the “GDPR”), and applicable national laws and regulations on data protection (together, the “Applicable Data Protection Legislation”).

1.3

In particular, your personal data is kept by the Company for periods not exceeding those necessary for the purposes for which it is processed, taking into account the sensitive nature of the data processed, the applicable statute of limitations and the legal or regulatory obligations imposed on the Company. The retention periods are specified in Articles 3.4 and 4.4.

2. WHAT PROCESSINGS DO WE PERFORM?

(a)

Categories of data processed

2.1

The Company processes the following personal data for the purposes described below:

Your personal identification data (surname, first name);

Your professional identification data (hospital, pharmacy, government entity, civil protection, civil defence, etc.), which will be used to identify you;

Your contact data (postal address, telephone, e-mail address, fax);

Data relating to your meeting with our medical representatives (time and location of the meeting, data relating to the cost of shared meals, data contained in the comment fields);

Where applicable, the personal data you have entered in the contact form on the website or in the complaints you have submitted.

(b)

Purposes of processing

2.2

The Company processes your personal data for the following purposes:

Follow-up of medical sales representative canvassing activity;

Follow-up of invoicing;

Follow-up of emailing or postal campaigns;

Management of temporary authorisations for use (individual or cohort) (the “ATU”);

Monitoring and transparency of the benefits granted;

Management of calls for tenders;

Verification of product quality;

Management of requests for information.

| Processing activity | Collected data | Legal basis | Retention period |
| --- | --- | --- | --- |
| Follow-up of medical sales representative canvassing activity | Your personal identification data; data relating to your meeting with our medical sales representatives | Legitimate business development interest of the Company | 5 years from collection |
| Follow-up of invoicing | Your personal identification data; your professional identification data; your contact details | Execution of the sales contract between the Company and the customer | 5 years from the issue of the invoice |
| Follow-up of emailing or postal mail campaigns | Your personal identification data; your professional identification data; your contact details | Legitimate business development interest of the Company | Duration of the business relationship, increased by 3 years from the last active contact with the customer |
| Management of ATU | Your personal identification data; your professional identification data; your contact details | Legal obligation | 2 years following the approval by the ANSM of the summary of the last synthesis report. Archiving on an intermediate basis during the MA and then 10 years after its expiry |
| Monitoring and transparency of benefits granted | Your personal identification data; your professional identification data; your contact details | Legal obligation | 5 years from collection |
| Management of calls for tenders | Your personal identification data; your professional identification data; your contact details | Legitimate interest in the Company’s management of tenders | For prospects: 3 years. With regard to customers: duration of the contractual relationship increased by 5 years |
| Verification of product quality | Your personal identification data; your professional identification data; your contact details | Legal obligation | 10 years from the date of the claim |
| Information requests | Your personal identification data; your professional identification data; your contact details | Legitimate interest of the applicant to receive full information on the product | 5 years from application |

3. HOW DO WE COLLECT YOUR DATA?

3.1

We collect your personal data:

directly from you through our authorised staff, our website or our medical sales representatives, or

indirectly through ATU forms.

4. WITH WHOM DO WE SHARE YOUR DATA?

4.1

If necessary, we may pass on your personal data to the following recipients:

Our technical service providers for billing management, CRM, tender management, hosting and archiving;

Our legal advisers and/or attorneys and those of potential purchasers in the context of restructuring operations, disposals, mergers and acquisitions or litigation;

Government entities and administrations authorised to access and/or obtain your personal data;

The courts and tribunals in the event of a dispute involving you;

The law enforcement authorities in the event of the observation or suspicion of the occurrence of an offence involving you in accordance with or as required by the applicable law.

4.2

In the event of a restructuring, disposal or merger (including reorganisation), we may transfer your personal data to a third party involved in the transaction (for example, a purchaser) in accordance with Applicable Data Protection Legislation.

5. HOW IS THE OUTSOURCING OF YOUR DATA MANAGED?

5.1

We take appropriate steps to ensure that our contractors process your personal data in accordance with Applicable Data Protection Legislation.

5.2

These measures include the signing of a data processing agreement which requires the subcontractors, among other things, to process your personal data only on our instructions, not to engage a second-tier subcontractor without our consent, to take the appropriate technical and organisational measures to guarantee the security of your personal data, to ensure that the persons authorised to access the data are subject to confidentiality obligations, to return and/or destroy your personal data at the end of their assignment or contract, to undergo audits and to provide us with assistance in following up on your requests to exercise your rights in relation to your personal data.

6. ARE YOUR DATA TRANSFERRED OUTSIDE THE EUROPEAN ECONOMIC AREA?

6.1

It is not our intention to transfer your data outside the European Economic Area, with the exception of data communications that we may make to our subcontractors located outside the European Economic Area. Where appropriate, we will implement all appropriate safeguards in accordance with Applicable Data Protection Legislation.

7. WHAT ARE YOUR RIGHTS?

7.1

In accordance with Applicable Data Protection Legislation, you have the right to access, rectify and delete your personal data, the right to object to or limit the processing of your personal data, the right to portability of personal data and the right to define directives concerning the use of your personal data after your death.

| Right | What does this mean? |
| --- | --- |
| The right of access | You have the right to obtain a copy of your personal data. |
| The right of rectification | You have the right to obtain the rectification of your personal data if they are inaccurate or incomplete. |
| The right to erasure (the “right to be forgotten”) | You have the right to obtain the deletion of your personal data. However, the right to erasure (or the “right to be forgotten”) is not absolute and is subject to specific conditions. We may retain your personal data to the extent permitted by applicable law, and in particular where processing is necessary to comply with a legal obligation to which the Company is subject or to establish, exercise or defend a right in court. |
| The right to limitation of processing | You have the right to obtain the limitation of the processing in certain circumstances (e.g. when the Company no longer needs your personal data but they are still necessary for the establishment, exercise or defence of a legal right). |
| The right to the portability of personal data | You have the right, in certain circumstances, to receive the personal data concerning you that you have provided to the Company in a structured, commonly used and machine-readable format and to pass it on to another controller. |
| The right to object to processing | You have the right to object to certain types of processing (e.g. when the processing is based on the legitimate interests of the Company). This right does not apply when the processing is based on our legal obligations. |
| The right to withdraw consent | If you have given your consent to the Company’s processing of your personal data, you have the right to withdraw it at any time. |
| The right to define directives concerning the use of your personal data after your death | You can define guidelines for the storage, deletion and disclosure of your personal data after your death. These guidelines may be general or specific. General guidelines are registered with a trusted third party. Specific guidelines are stored with the Company. |

7.2

Please send us any request concerning your rights in relation to your personal data by email to dpo@serb.eu. We will deal with your request as soon as possible and always within the time limits provided for by the Applicable Data Protection Legislation. Please note that we may retain your personal data for certain purposes where required or permitted by law.

8. HOW DO WE GUARANTEE THE SECURITY OF YOUR DATA?

8.1

We take appropriate technical and organisational measures to ensure a level of security appropriate to the risks associated with your personal data. We follow industry best practices to ensure that personal data is not accidentally or unlawfully destroyed, lost or altered, or subject to unauthorised disclosure or unauthorised access.

9. QUESTIONS AND COMPLAINTS

9.1

If you have any questions or complaints regarding the processing of your personal data by the Company, please send an email to dpo@serb.eu.

9.2

You have the right to submit a complaint to the competent supervisory authority:

To exercise any relevant rights, or for any queries or complaints, please contact our Data protection office in the first instance at dpo@serb.eu.

Please note that you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR.

In the United Kingdom, the supervisory authority in charge of data protection matters is the Information Commissioner’s Office (ICO), which you may contact by phone (030 3123 1113), by email (https://ico.org.uk/global/contact-us/email/) or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

In Belgium, the supervisory authority in charge of data protection matters is the Autorité de protection des données (APD), which you may contact by phone (+32 (0)2 274 48 00), by email (https://www.autoriteprotectiondonnees.be/citoyen/agir/contact) or at Autorité de protection des données, Rue de la Presse, 35, 1000 Bruxelles.

10. MISCELLANEOUS

10.1

The Company reserves the right to update this Policy at any time. If we make changes to this Policy, we will notify you so that you are always aware of how we treat your personal data.