Privacy Statement – English
Klik hier voor onze Nederlandstalige privacy statement.
DADA Consultancy (“DADA”) is responsible for the processing of personal data as shown in this privacy statement.
Dada Consultancy B.V.
Godfried Bomansstraat 31
6543 JA Nijmegen
+31 24 3730309
Personal data that we process
Your personal data may be used by DADA in a variety of ways. We will always be as transparent as possible as to how we use your data.
Visiting DADA’s website
You can click ‘Accept all’ to accept all cookies, or specifically select in the ‘Detailed selection’ section, which cookies you would like to allow.
Using DADA’s Services
DADA processes personal data on behalf of its clients, which concerns internationally established pharmaceutical companies. We process personal data in connection with the legal obligation of our clients in order to ensure the safety of medicines and to process adverse reactions or other reports concerning products. Therefore, DADA needs to processes information about your health, which is considered to be sensitive personal data about you. Also, we may collect personal data with which we can demonstrably record the existence of an actual patient (on the basis of gender and country of origin) and, if necessary, your contact details in order to answer your request. Where it is necessary and/or legally required to share this information with our client or a third party, the information will be pseudonomysed.
For what purpose and on what basis we process personal data
DADA Consultancy processes your personal data under the scope of the legal pharmacovigilance obligations that our clients have within the pharmaceutical industry. With this we promote safe and as effective as possible use of medicines.
Please note that to appropriately respond to your questions, the information you share with us may be shared with our clients, affiliates, partners or regulatory authorities within the US that are subject to HIPAA. When we share such personal data, we only share the information that is considered necessary and pseudonomynise such personal data.
DADA Consultancy does not carry out automated processing; namely, decisions taken by computer programs or systems, without a person (for example an employee of DADA Consultancy) sitting in between. Hence, there are no decisions about matters that can have (significant) consequences for people.
How long will we store personal data
DADA Consultancy does not store your personal data for longer than is strictly necessary to realize the purposes for which your data is collected and to comply with respective legal pharmacovigilance obligations.
Sharing personal data with third parties
DADA Consultancy will not sell your personal data to third parties and will only provide personal data if this is necessary for the execution of our agreement with our clients or to comply with a legal obligation. With companies that process your data in our assignment, and with our clients, we conclude a data processor agreement to ensure the same level of security and confidentiality of your data.
View, modify or delete data
You have the right to view, correct or delete your personal data. You also have the right to withdraw your consent to the data processing or to object to the processing of your personal data by DADA Consultancy or its clients, and you have the right to data portability. Please be aware that due to legal pharmacovigilance obligations of our clients it is not always possible to exercise your full rights.
You can send a request for access, correction, deletion, data transfer of your personal data or request for cancellation of your consent or objection to the processing of your personal data to email@example.com. We respond as quickly as possible, but within four weeks, to your request. DADA Consultancy also wishes to point out that you have the opportunity to file a complaint with the national supervisory authority, the Dutch Data Protection Authority. This can be done via the following link: https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons
How we protect personal data
DADA Consultancy takes the protection of your personal data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. If you have the impression that your data is not secure or that there are indications of abuse, please contact our customer service at firstname.lastname@example.org.
When developing, designing, selecting and using business applications, or rendering services and delivering services to our clients which include processing of personal data, we ensure to fulfil our legal obligations with respect to GDPR. Organisational and technical measures principally undertaken by DADA -as listed below- are also continuously being evaluated and improved.
GDPR related organisational measures
- Data Protection Impact Assessments (“DPIA”) can be carried out as required and upon request – to support clients’ compliance. For internal processes, DPIA’s are carried out before starting any high risks processing activities.
- Guidelines, procedures and processes are in place to handle incidents involving personal data.
- Service agreements with our clients and suppliers (subprocessors) reflect the GDPR requirements. We seek to only engage subprocessors which provide sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, and require from them to implement technical and organisational measures which meet the requirements of GDPR and our clients, including for the security of processing.
- Trainings and awareness campaigns directed to all employees have been carried out, and all employees are required to complete the mandatory GDPR training. The trainings are being updated on an annual basis.
GDPR related technical and security measures
- All employees have signed confidentiality statements, and it is required to adhere to internal policies.
- Employee’s activity on and access to IT systems and physical personal data storage facilities (“Storage”) is secured, aligned with (multiple) authentication requirements and separable.
- Employees are only performing authorized duties relevant to their respective jobs and positions.
- Employees access rights to IT systems and storage are in line with predefined and documented business needs, and the job requirements are attached to user identities.