Teva Privacy Notice for Pharmacovigilance, Medical Information and Product Complaints
“Teva” means Teva Pharmaceutical Industries Ltd. having its principal office at Dvorah Haneviah 124, Tel Aviv, Israel or its Affiliates (or both), including the Data Controller, who is the local Teva Affiliate in your country.
Teva and your privacy
Ensuring patient safety is extremely important to Teva and we take the safe use of all our products seriously. Teva needs to be able to get in touch with people who contact Teva about our products in order to follow-up and obtain further information, give answers to requests or to send requested material. This Privacy Notice describes how we collect and use Personal Data (which means information in any format that can be used, directly or indirectly, alone or in combination with any other information, to identify a person or as otherwise defined in applicable legislation) to help us fulfil our pharmacovigilance, product/quality complaint and medical inquiry obligations/requests to monitor and ensure the safety and quality of all our products, including medicines, cosmetic products, food supplements and medical devices that we market or have in clinical development.
Although this Privacy Notice is also applicable to cosmetic products, food supplements and medical devices, to facilitate the reading only reference to drug safety is made.
Scope of this Privacy Notice
This Privacy Notice applies to information we collect from or about you online (such as website, social media, chatbot or live chat, applications), by phone, fax, e-mail or post, as part of the adverse event, quality or medical inquiry or reporting regulations applicable to Teva. We may also collect this information about you through specific forms submitted by you on a website that is owned or controlled by Teva.An “adverse event” means an unwanted, unintended or harmful event in relation to the use of a Teva product. With respect to medical devices, it also includes “incidents” and for cosmetics "serious undesirable effects", but for ease of reading, only the term “adverse event” will be used in this Privacy Notice. Pharmacovigilance legislation require us to take detailed records of every adverse event passed to us to allow the event to be evaluated and collated with other adverse events recorded about that product.
If you are a patient, we may also be provided with information about you by a third party reporting an adverse event that affected you. Such third parties may include medical professionals, lawyers, relatives or other members of the public. We may also receive your Personal Data from our license partners, competent authorities and research in the scientific and medical literature. However, such data is often pseudonymised and de-identified.
Information regarding data processing
Pharmacovigilance |
Medical Inquiry |
Quality Complaint |
|
What information do we collect?
|
|||
The Personal Data that we may collect about you when you are the subject of an adverse event report is:
This may include information that is considered by law to be “sensitive (health, ethnicity, religion, sexual life). |
The Personal Data we may collect about you when you are the subject of a medical inquiry report is:
This may include information that is considered by law to be “sensitive (health, ethnicity, religion, sexual life). |
The Personal Data we may collect about you when you are the subject of a quality complaint report is:
This may include information that is considered by law to be “sensitive (health, ethnicity, religion, sexual life). |
|
What information do we collect?
|
|||
The Personal Data that we may collect about you when you are the reporter of an adverse event report is:
Where you are also the subject of a report, this information may be combined with the information you provide in relation to your reaction. |
The Personal Data that we may collect about you when you make a medical information request is:
Relationship with the subject of the request |
The Personal Data that we may collect about you when you make a product complaint report is:
|
|
Why do we collect it?
|
|||
To manage and process adverse event reports on our products. Pharmacovigilance and related legislation require us to ensure that adverse events are traceable and available for follow-up. As a result, we must keep sufficient information about reporters to allow us to contact you once we have received the report. Without that information, we may not be able to fully evaluate and follow up on the report. |
To manage and respond to your medical inquiry requests. |
To manage and respond to your quality complaints and to meet quality control requirements. Product safety and related legislation require us to ensure that reports are traceable and available for follow-up. As a result, we must keep sufficient information about reporters to allow us to contact you once we have received the report. |
|
What legal basis do we rely on for the data processing?
|
|||
EEA: Teva are under a legal obligation under pharmacovigilance legislation, including as set out in Good Pharmacovigilance Practices, to collect specific data for reasons of public interest in the area of public health (in the EEA, GDPR Art. 6(1)(c) and 9.2(i)) Non–EEA: Teva are under a legal obligation under pharmacovigilance legislation to collect specific data for reasons of public health or protection of individuals’ life, health or other vital interests. If there is no other legal basis, we rely on your and/or the patient’s (explicit) consent. You are not obliged to provide us with your or the patient’s data, or to give your consent. If you decide to provide us with Personal Data, we will consider this (explicit) consent to processing your and the patient’s data as described in this Privacy Notice. Depending on the country, this may include consent to processing all or sensitive data, sharing data with recipients, or transferring data abroad. By providing the patient’s data you confirm that the patient (expressly) consented to the processing of their data as described in this Privacy Notice, and that you were duly authorized to provide such data to us or to consent to the processing of the patient’s data on their behalf (in line with applicable law). |
Teva are in some cases under a legal obligation under product safety and quality legislation in responding to your requests (EU GDPR Art. 6(1)(c) and 9(2)(i)). In other cases, we rely on our legitimate business interest (EU GDPR Art. 6(1)(f)), or your consent (EU GDPR Art. 6(1)(a) and 9(2)(a)), which would be clearly obtained at the time of collection. |
Teva are in some cases under a legal obligation under product safety and quality legislation in responding to your requests (EU GDPR Art. 6(1)(c) and 9(2)(i)). In other cases, we rely on our legitimate business interest (EU GDPR Art. 6(1)(f)), or your consent (EU GDPR Art. 6(1)(a) and 9(2)(a)), which would be clearly obtained at the time of collection. |
|
International transfers
|
|||
Teva pharmacovigilance database is located in the United States. These are administered and supported by Teva’s pharmacovigilance teams in Israel and India. Teva also engages a data processing company in India (Accenture) for data entry, administration and data cleansing of a limited part of the pharmacovigilance database. |
Our medical inquiries database is hosted by a third party in Europe. Because Teva is a global company, access to these databases may be provided to our global quality and medical teams, however in all cases, only strictly to what is required in order for our teams to complete their responsibilities and where possible, only in pseudonymised form. |
Teva quality complaints database is located in the United States. Because Teva is a global company, access to these databases may be provided to our global quality and medical teams, however in all cases, only strictly to what is required in order for our teams to complete their responsibilities and where possible, only in pseudonymised form. |
For Europe, the UK and Switzerland: Transfers to Israel are based on the European Commission’s adequacy decision for the State of Israel. Transfers to India and to the USA are based on European Commission Model Clauses or equivalent based on applicable data protection laws.
For other countries: Transfers abroad (including to countries that provide a lower level of privacy protection) are based on a relevant mechanism to safeguard transfers, such as consent or appropriate agreements.
Information on the mechanism can be provided upon request to Teva Data Protection Office (contact information below).
Purposes of Data Processing
All information is only processed where relevant and necessary to document your reaction properly and for the purpose of meeting our pharmacovigilance, safety, quality and any other legal requirements. The legal requirements exist to allow us and competent authorities (such as the European Medicines Agency and relevant local authorities) to evaluate adverse events, quality complaints or medical inquiries and make efforts to prevent similar events from happening in the future. We also need to process this information in order to respond to any request or inquiry made by you (follow up). Your data will not be used for any other purposes than those purposes listed herein.
Data Retention
Any Personal Data which is collected for any of the above purposes will be retained in pseudonymised form (when possible and only after any necessary follow up), in a fully secured manner, and minimized in accordance with data protection principles. Because patient and product safety is so important, we retain the information we gather about adverse events, quality complaints or medical inquiries to ensure that we can properly assess the safety and suitability of our products over time. As we operate as a global company, in order to meet international legal requirements, this data is retained for a period 30 years following life of the product market authorisation. Afterwards, Personal Data is deleted, anonymised, or otherwise irreversibly destroyed in accordance with procedures.
How we use and share Personal Data
We may use and share Personal Data to:
- investigate the adverse event, quality complaint or medical inquiry;
- contact you for further information about the adverse event, quality complaint or medical inquiry you reported;
- collate the information about the adverse event, quality complaint or medical inquiry with information about other adverse events, quality complaint or medical inquiries received by Teva to analyse the safety of a batch, Teva product or active ingredient as a whole (only in pseudonymised form); and
- provide mandatory reports to national and/or regional authorities so that they can analyse the safety of a batch, Teva product, active ingredient as a whole alongside reports from other sources (in pseudonymised form where possible).
Our pharmacovigilance and quality obligations require us to review patterns across reports received from every country where we market our products. To meet these requirements, information provided as part of an adverse event or quality report is shared within Teva on a worldwide basis through Teva’s global database. This database is also the platform through which Teva uploads adverse event reports to various oversight authorities, including the Eudravigilance database (European Medicines Agency corporate system for managing and analysing information on suspected adverse reactions to medicines which have been authorised in the European Economic Area) and other similar databases as required by law. We also maintain a global medical inquiry database in order to answer your inquiries and internally manage these answers. However, your Personal Data is pseundonymised and de-identified when possible in order to protect your privacy.
Personal Data collected from you in accordance with this Privacy Notice may also be transferred to a third party in the event of a sale, assignment, transfer, or acquisition of the company or a specific product or therapeutic area, in which case we would require the buyer, assignee or transferee to treat that Personal Data in accordance with applicable data protection laws.
Further Information regarding Pharmacovigilance
We may also share Personal Data with other pharmaceutical companies who are our co-marketing, co-distribution, or other license partners, where pharmacovigilance obligations for a product require such exchange of safety information. We may also share Personal Data with our service providers, who process them on our behalf. They are provided with the information on a need-to-know basis and are not authorized to use or disclose Personal Data for their own marketing or other purposes.
Additionally, in some cases, as part of our market authorisation for a particular product, you may be enrolled in a patient safety programme, in which case further information on data processing (such as any additional data sharing or transfers) would be provided to you at the time of your enrolment.
We share information with national and/or regional authorities, such as the European Medicines Agency and other similar local authority in accordance with pharmacovigilance laws. We are unable to control their use of any information we share, however note that in these circumstances, we do not share any information that directly identifies any individual (such as names or contact information), but we only share pseudonymised information. We may publish information about adverse events (such as case studies and summaries); in this case, we will remove identifiers from any publications so that no individual can easily be recognized.
Your rights
You may be entitled under applicable law to ask Teva for a copy of your information, to correct it, erase or restrict its processing, or withdraw your consent to its processing or to ask us to transfer some of this information to other organisations. You may also have rights to object to some processing. These rights may be limited in some situations – for example, where we can demonstrate we have a legal requirement to process or keep your Personal Data. Once we have erased your information upon your request, it will no longer be available within Teva systems, so you will not be able to obtain it from Teva again. You may exercise these rights by contacting Teva’s Data Protection Office (contact information below).
Please note that we may require you to provide proper identification before we comply with any request to access or correct Personal Data.
We hope that we can satisfy any queries you may have about the way in which we process your Personal Data. If you have any concerns about how we process your Personal Data, you can get in touch with Teva’s Data Protection Office (see below for contact information).
Security
Teva takes reasonable measures to secure Personal Data under applicable privacy laws from accidental loss and from unauthorised access, use, alteration or disclosure. Additionally, we take further information security measures including access controls, stringent physical security and robust information collection, storage & processing practices.
Changes to this Privacy Notice
If we decide to change the substance of this Privacy Notice materially, we will post those changes through a prominent notice.
Contact Information
If you have any concerns about how we process your Personal Data or wish to exercise any of your rights or wish to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with our Teva Data Protection Office by contacting us:
For Europe, UK and Switzerland, you can contact our Data Protection Officer at EUPrivacy@tevaeu.com.
For the United States, you can contact us at USPrivacy@tevapharm.com.
For other regions, please contact us at IMPrivacy@tevapharm.com.
We hope that we can satisfy any queries you may have about the way in which we process your Personal Data. However, if you have unresolved concerns you may also have the right to complain to the data protection authority in the location in which you live, work or believe a data protection breach has occurred.
ANNEX 1
ADDENDUM FOR INDIVIDUALS IN SOUTH KOREA
The information below applies in addition to the information set out in the Privacy Notice:
We may provide Personal Data to the following third party data recipients for the purpose of conducting pharmacovigilance:
Recipient |
Type of information |
Retention period |
Korea Pharmaceutical Safety Management Institute |
Patients’ data |
Until the purpose of using personal data is fulfilled |
Ministry of Food and Drug Safety |
Patients’ data |
Until the purpose of using personal information is fulfilled |
Joint promotion company (Lundbeck/Handok Pharmaceutical/Chong Kun Dang/GSK) |
Patients’ and reporters’ data. |
Until the purpose of using personal data is fulfilled |
Transfer to Overseas Entities
Recipient |
Transferred Personal Data |
Transferred Country |
Purpose of Use |
Retention and Use Period |
Teva Pharmaceuticals USA, Inc. |
Patient data, reporters data |
US |
Storage of pharmacovigilliance database |
As long as necessary, for a period of 30 years following the life of the product market authorisation. |
Teva Pharmaceutical Industries Ltd. |
Patient data, reporters data |
Israel |
Administration and support |
As long as necessary |
Teva API India Pvt. Limited |
Patient data, reporters data |
India |
Administration and support |
As long as necessary |
Accenture Solutions Private Limited |
Patient data, reporters data |
India |
Data entry, administration and data cleansing |
As long as necessary |
Veeva Systems Inc. |
Patient data, reporters data |
US |
Data storage |
As long as necessary |
The above Personal Data are transferred outside South Korea whenever necessary, through the internet network.
Details of Chief Privacy Officer
Our Chief Privacy Officer is the General Counsel of Teva-Handok.
Please contact us at IMPrivacy@tevapharm.com.
ANNEX 2
ADDENDUM FOR INDIVIDUALS IN RUSSIA
The information below applies in addition to the information set out in the Privacy Notice:
Teva complies with localization and other applicable requirements when your processing personal data within handling Pharmacovigilance notices, Medical Inquiries and Quality Complaints. The scope of personal data that we processes is limited by relevant pharmacovigilance laws, otherwise we may process relevant personal data following your consent or our contractual obligations. There is no cross-border transfer of Personal Data.
ANNEX 3
ADDENDUM FOR INDIVIDUALS IN CANADA
The information below applies in addition to the information set out in the Privacy Notice:
Certain Teva services are operated outside Canada or the province in which you reside (which may include transfers outside of Quebec for Quebec residents), and the laws in such other jurisdictions may differ from the laws where you reside.
We and our service providers may disclose your Personal Data if we are required or permitted by applicable law or legal process, which may include lawful access by foreign courts, law enforcement agencies or other government authorities in the jurisdictions in which we or our service providers operate. For information about the manner in which we or our service providers treat Personal Data, please contact us as set out in the “Contact Information”.
Contact Information
If you have any concerns about how we or our service providers process your Personal Data or wish to exercise any of your rights or wish to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with our Teva Data Protection Office by contacting us at IMPrivacy@tevapharm.com.