PRIVACY NOTICES

The data controllers are:

(a) the Grifols' group company that holds the marketing authorization of the pharmaceutical product in the territory of its commercialization ("Grifols' MAH"). The identity and contact details of Grifols' MAH is available in the national registers of authorised medicines of Member States of the European Union (https://www.ema.europa.eu/en/medicines/national-registers-authorised-medicines), and

(b) the Grifols' group company that has designated a Local Qualified Pharmacovigilance Contact Person responsible for pharmacovigilance issues at a national level ("Grifols' LQPVCP"). Grifols' LQPVCP is the data controller with respect to the adverse events notified in its territory.

The identity and contact details of Grifols' MAH and LQPVCP in a specific country are available here. Grifols' MAH and Grifols' LQPVCP will be jointly referred to as "Grifols".

The data protection officer acts as an interlocutor between Grifols and you in order to ensure Grifols' compliance with the data protection legislation and guarantee your rights under such legislation. You may contact the data protection officer at dpo@grifols.com or the data protection officer of Grifols Deutschland, GmbH at dsb@grifols.com, if the latter is the company that holds the marketing authorization or if it has appointed a Local Qualified Pharmacovigilance Contact Person.

Grifols processes the personal data to:

(a) contact the data subject to obtain more information on the adverse events and, if necessary, to monitor the notification it has received,

(b) be able to comply with all pharmacovigilance related obligations as a pharmaceutical company, and

(c) notify the competent health authorities, national or international, of any data related to the adverse events the data subject has notified.

Additionally, Grifols' LQPVCP processes the personal data to notify any data and information related to adverse events to Grifols' MAH. In any event, any data processing by Grifols' LQPVCP shall follow Grifols' MAH indications, unless otherwise regulated in applicable laws and regulations.

The legal bases to process the personal data are:

(a) the compliance with the legal obligations stemming from the national laws implementing the Directive 2001/83/EC of the European Parliament and of the Council of 6 November 2001 on the Community code relating to medicinal products for human use and any other legislation supplementing or replacing it, and

(b) the public interest in the area of public health for the purposes of ensuring the quality and security of Grifols' group pharmaceutical products, on the basis of the pharmacovigilance applicable legislation.

Once the purposes for which the personal data processed are fulfilled, Grifols retains the personal data until the end of statutes of limitation of any liabilities that may arise and during the term required to comply with any applicable legal obligation.

In accordance with Section 3 and based on the nature of the notified adverse event, it may be necessary to provide the personal data to the pharmacovigilance team and any other teams existing across the Grifols' group companies, such as regulatory affairs, quality, marketing and audit or legal services, among others.

Additionally, your personal data may be exceptionally provided to national or international competent health authorities, healthcare professionals or companies with whom Grifols has signed commercial and/or license agreements or who are responsible of assessing the pharmaceutical products, with the sole purpose of complying with the pharmacovigilance obligations.

If the personal data is accessed from countries that do not offer an adequate level of protection, Grifols will adopt, if required, appropriate safeguards on such international data transfers in accordance with applicable data protection legislation. You may request Grifols additional information on the appropriate safeguards by writing to the address privacy@grifols.com.

Grifols does not share the personal data with any other third party, unless necessary for the daily management of the activities set out in Section 3 and/or unless required by applicable law.

Grifols only processes those personal data that are relevant for the purposes mentioned in Section 3.

When the reporter of the adverse event is not the patient, Grifols obtains the patient's personal data detailed below from the reporter. The personal data of the healthcare professional could be obtained from the reporter or through any other third party.

The personal data that might not have been obtained from the data subject and has thus been obtained from other sources are:

(a) data that allows indirect identification (for example, age and sex ) of the patients exposed to the adverse event and its health data (for example, treatments administered and nature of the adverse effect), which has been obtained from the reporter, and

(b) identifying data and contact details of the healthcare professional responsible of the patient exposed to the adverse event, that has been obtained from the reporter or another source.

For notifications of adverse events made to Grifols France, S.A.R.L. (acting as data controller), you also have a right to provide guidance on the management of your data after your death.

Given that the legal basis to process personal data are the compliance with legal obligations, the rights of erasure, objection and portability are not applicable.  

You may exercise, when appropriate, the data protection rights by sending a written communication to Grifols' MAH and/or Grifols' LQPVCP to the corresponding address identified here and indicating as subject matter of the communication "Pharmacovigilance – Adverse Events Notification". For these purposes, Grifols may request a copy of your ID card/passport in force or any other valid document evidencing your identity.

In addition, you may lodge a complaint with a data protection authority.