Data Protection Statement for Vigilance
Data protection information on processing personal data related to adverse reactions or events associated with the use of medicinal products and safety of medical devices (vigilance)
Last updated November 2020.
In our capacity as a manufacturer of pharmaceuticals and medical devices, Fresenius Kabi Deutschland GmbH (“we”) will collect, use and report personal data of patient using our products and reporters of adverse reactions or events.
This data protection statement informs you about the processing of personal data when making an adverse event report.
Please be aware that we also may process your personal data in other contexts, e.g. when you visit our website, when you are a business contact for products or services or when you interact with us in your capacity as a healthcare professional. Please see the specific information on the processing of your personal data in such situations.
Why We Collect and Use Your Data
The quality and safety of Fresenius Kabi’s products (drugs, enteral nutrition, medical devices), services and therapies are of paramount importance. Our interactions with patients using our products do not end with the supply of products or the provision of services but involve the monitoring and analysis of applicability, effectiveness and safety for patients of our products on the market. The gained insights are the basis for identifying opportunities for continuous improvement of products and services. Fresenius Kabi, therefore, monitors and evaluates relevant information and feedback on the products, services and therapies during its use and where necessary reports these to health authorities.
The monitoring of adverse reactions or events (side effects) associated with the use of medicinal products is referred to as pharmacovigilance (drug safety). The statutory pharmacovigilance commitments relate to our medicinal products for human use. Similar regulations exist for medical devices.
With the help of our vigilance activities, Fresenius Kabi ensures that the patients’ safety of its products is always guaranteed, and that the company is enabled to identify any changes in the benefit-risk-ratio at an early stage and react in a timely manner.
What Data We Collect and How We Do That
We may collect and use your personal data in the following situation:
Information you provide to us
We collect and use the data you provide directly to us (e.g. via phone, letter or webform), as patient using our products or as reporter of adverse reactions or events.
The exact amount and kind of data depends on the information submitted to us or the information that is published, posted or shared. Such data includes:
- Information identifying the patient (potentially including first and last name, date of birth, gender)
- Medical history and other characteristics including laboratory data, pregnancy, weight and height, age,
- Measures and treatment of adverse reaction(s)
- Information identifying the reporter
- First and last name
- Contact and address information (including address, e-mail address, social media account name, phone number)
- Information on the adverse event or other information on the safety of our products
- Description of the adverse reactions related data including start, stop, duration
- Drug/active substance related data including dosage, application, suspected causality indication and duration of treatment
- Medical device related data including application, and malfunctioning
- Seriousness criteria of reaction such as death, life threatening, hospitalization or prolonged hospitalization, permanent injury or disability, important medical event
- Outcome of reaction(s)
Information we collect from publicly available sources
We collect and use the data as reported and published on publicly available sources such as social media and internet forums, literature or other reports we became aware of.
The exact amount and kind of data depends on the information submitted to us or the information that is published, posted or shared. Such data includes:
- Information identifying the patient (potentially including first and last name, date of birth, gender)
- Medical history and other characteristics
- Measures and treatment of adverse reaction(s)
- Information on the primary source of the data for potential follow-up requests
- First and last name
- Contact and address information (including address, e-mail address, social media account name, phone number)
- Information on the adverse event or other information on the safety of our products
- Description of the adverse reactions related data including start, stop, duration
- Drug/active substance related data including dosage, application, suspected causality indication and duration of treatment
- Medical device related data including application, and malfunctioning
- Seriousness criteria of reaction such as death, life threatening, hospitalization or prolonged hospitalization, permanent injury or disability, important medical event
- Outcome of reaction(s)
Information we collect from other organizations
We collect and use the data as provided to us by healthcare organizations or organizations otherwise involved in the provision of care such as hospitals, our distributors and resellers or universities.
The exact amount and kind of data depends on the information submitted to us such data includes:
- Information identifying the patient (including Initials, date of birth, gender)
- Medical history and other characteristics including laboratory data, pregnancy, weight and height, age,
- Measures and treatment of adverse reaction(s)
- Information identifying the reporter
- First and last name
- Contact and address information (including address, e-mail address, social media account name, phone number)
- Signature
- Information on the adverse event or other information on the safety of our products
- Description of the adverse reactions related data including start, stop, duration
- Drug/active substance related data including dosage, application, suspected causality indication and duration of treatment
- Medical device related data including application, and malfunctioning
- Seriousness criteria of reaction such as death, life threatening, hospitalization or prolonged hospitalization, permanent injury or disability, important medical event
- Outcome of reaction(s)
Legal Basis for Processing Your Data
We process your personal data on the following legal basis:
- The processing of your personal data is necessary for reasons of public interest in the area of public health to ensure high standards of quality and safety of medicinal products and devices based on law (Art. 6.1 e and Art. 9.2 i GDPR)
- You have given us your consent for the intended processing (Art. 6.1 a GDPR) and the processing relates to personal data which
- is made public by you (Art. 9.2 e GDPR)
- is part of your participation in a clinical trial or research study (Art. 9.2 a GDPR)
- The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6.1 f GDPR). This legitimate interest is explained under ‘Why we collect and use your data'
- The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (Art. 6.1 c GDPR and Art. 9.2 i GDPR). More specifically we are obliged to have post market surveillance based on Regulation (EU) No 1235/2010 and Directive 2010/84/EU concerning the pharmacovigilance of medicinal products for human use. See also Commission Implementing Regulation No 520/2012 of 19 June 2012 and the European Medicines Agency (EMA) Guidelines on Good Pharmacovigilance Practices (GVP). Furthermore, legal obligations arise as part of a clinical trial, see Regulation (EU) No 536/2014 and as part of medical device regulations EU 745/2017 and 746/2017
We Share Your Data
We collaborate with other organizations to fulfill or legal obligations. Therefore, we may send your personal data in parts or as a whole to other organizations. Such recipients are:
- Other Fresenius Group companies if such a transfer of personal data is required for the specific purpose (Please refer to the overview of the locations in which Fresenius Kabi Group companies are active)
- Service providers who process personal data on our behalf (e.g. for hosting or maintenance services) that have to follow our instructions on such processing; these service providers will not be allowed to use your personal data for other than our purposes
- Health authorities, other pharmaceutical companies, other courts, parties in a litigation in case we are required to do so to meet any applicable laws, regulations, legal processes or enforceable governmental requests
- Professional advisors or auditors, such as tax advisors, financial auditors, lawyers, insurers, banks and other external professional advisors in the countries in which we operate
International Data Transfers
We may send your personal data in parts or as a whole to Fresenius Group recipients in countries, which are not member states of the European Union or international organizations, for the purposes listed above. Please refer to the overview of the locations in which Fresenius Kabi is active.
We may send data to the following countries for which the European Commission has determined an adequate level of data protection to be in place that matches the level of data protection within the European Union in which Fresenius entities have been established: Argentina, Canada, Japan, New Zealand, Switzerland or Uruguay.
With regards to such international data transfers to third countries, for which the European Commission has not decided that an adequate level of data protection exists, we have provided appropriate safeguards in order to secure your personal data to a degree that equals the level of data protection in the European Union.
Safeguards used are:
- Standard Contractual Clauses that have been issued by the European Commission
- Participation in the EU-US-Privacy Shield
You can obtain a copy of these standard contractual clauses online, or upon request.
How Long We Retain Your Data
Fresenius Kabi only stores personal data that is required to be compliant with the current legislation in our global safety databases. Stored data will be kept 10 years after the marketing authorization for the respective product or device has ceased to exist.
Requests, Inquiries and Complaints
Depending on the situation you have certain rights regarding your personal data. You have the right to:
- Request access to your personal data
- Request rectification of your personal data
- Request erasure of your personal data
- Request the restriction of processing of your personal data
- Data portability
- Object on grounds specific to your situation
In these cases, please use our online data protection contact.
You also have the right to lodge a complaint with our data protection officer or the supervisory authority.
Data Protection Officer:
Fresenius Kabi AG
Data Protection Officer
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
E-mail: dataprotectionofficer@fresenius-kabi.com
Data Protection Authority:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Presse- und Öffentlichkeitsarbeit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Further Information
Requirements to provide personal data
If you do not provide all necessary personal data, we might not be able to respond or process your report properly because we cannot comply with the legal requirements as listed above.
Changes to this data protection statement
As the collection and use of your data may change over time, we might also modify this data protection statement to always correctly reflect our data processing practices. We encourage you to review it from time to time.
Controller and Contact
The controller and responsible entity for processing of personal data is:
Fresenius Kabi Deutschland GmbH
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
Contact