Teva Privacy Notice – Drug Safety Surveillance (Pharmacovigilance and Quality)
Definitions used in this Privacy Notice
“Adverse event” means an unwanted, unintended or harmful event in relation to the use of a Teva product. With respect to medical devices, it also includes “incidents” and for cosmetics “serious undesirable effects” , but for ease of reading, only the term “adverse event” will be used in this notice.
“Affiliate(s)” shall mean any person, corporation, company, partnership, joint venture or other entity controlling, controlled by or under common control with Teva. For such purpose the term “control” means the holding of 50% or more of the common voting stock or ordinary shares in, or the right to appoint 50% or more of the directors of the said corporation, company, partnership, joint venture or entity.
“Personal Data”means information in any format that can be used, directly or indirectly, alone or in combination with any other information, to identify a person.
“Teva” means Teva Pharmaceutical Industries Ltd. having its principal office at 5 Basel Street, Petach Tikva 49131, Israel or its Affiliates (or both), also referred to in this Privacy Notice as “we”, “us” and “our”.
Teva and your privacy
Ensuring patient safety is extremely important to Teva and we take the safe use of all our products seriously. Teva needs to be able to get in touch with people who contact Teva about our products in order to follow-up and obtain further information, give answers to requests or to send requested material. This Privacy Notice describes how we collect and use Personal Data to help us fulfil our duty to monitor the safety of all products including medicines we market or have in clinical development (also known as our pharmacovigilance obligations) and to ensure the quality and safety of all our products. The notice is also applicable to cosmetic products, food supplements and medical devices since the international (including European) regulations on such products require similar safety and quality monitoring. However to facilitate the reading only reference to drug safety is made.
Scope of this Privacy Notice
This Privacy Notice applies to information we collect from or about you online, by phone, fax, e-mail or post, or as part of the adverse event or quality reporting regulations applicable to Teva. We may also collect this information about you through specific forms submitted by you on a site that is owned or controlled by Teva.
If you are a patient we may also be provided with information about you by a third party reporting an adverse event that affected you. Such third parties may include medical professionals, lawyers, relatives or other members of the public.
Information we collect and why we collect it
Teva is under a legal obligation to collect specific data for reasons of public interest in the area of public health (GDPR Art. 9.2(i)). In accordance with law, pharmaceutical companies, as market authorisation holders of products, must retain all product-related documents for at least the time period of the market authorisation, plus 10 years following its expiry. Therefore personal information related to the safety of our products will be retained for this time period.
Patients (subject of report)
We collect personal data about you when you or a third party provides us with information in relation to an adverse event that affected you or someone else. Where you are reporting the adverse event yourself, please also refer to the Reporters section.
Pharmacovigilance laws require us to take “detailed records” of every adverse event passed to us to allow the event to be evaluated and collated with other adverse events recorded about that product. The personal data that we may collect about you when you are the subject of an adverse event report is:
- name or initials;
- age and date of birth;
- weight and height;
- details of the product causing the reaction, including the dosage you have been taking or were prescribed, the reason you have been taking or were prescribed the product and any subsequent change to your usual regimen;
- details of other medicines or remedies you are taking or were taking at the time of the reaction, including the dosage you have been taking or were prescribed, the period of time you were taking that medicine, the reason you have been taking that medicine and any subsequent change to your regimen;
- details of the adverse reaction you suffered, the treatment you received for that reaction, and any long-term effects the reaction has caused to your health; and
- other medical history considered relevant by the reporter, including documents such as lab reports, medication histories and patient histories.
Some of this information is considered by law to be “sensitive personal data” about you. This includes any information that tells us about your:
- religion; and
- sexual life.
This information is only processed where relevant and necessary to document your reaction properly and for the purpose of meeting our pharmacovigilance, safety, and any other legal requirements. These requirements exist to allow us and competent authorities (such as the European Medicines Agency) to evaluate adverse events and make efforts to prevent similar events from happening in the future.
We collect information about you when you provide us with information in relation to an adverse event you report.
Pharmacovigilance laws require us to ensure that adverse events are traceable and available for follow-up. As a result, we must keep sufficient information about reporters to allow us to contact you once we have received the report. The personal data that we may collect about you when you report an adverse event is your:
- contact details (which may include your address, e-mail address, phone number or fax number);
- profession (this information may determine the questions you are asked about an adverse event, depending on your assumed level of medical knowledge); and
- relationship with the subject of the report.
Where you are also the subject of a report, this information may be combined with the information you provide in relation to your reaction.
How we use and share Personal Data
As part of meeting our pharmacovigilance obligations, we may use and share Personal Data to:
- investigate the adverse event;
- contact you for further information about the adverse event you reported;
- collate the information about the adverse event with information about other adverse events received by Teva to analyse the safety of a batch, Teva product or active ingredient as a whole; and
- provide mandatory reports to national and/or regional authorities so that they can analyse the safety of a batch, Teva product, active ingredient as a whole alongside reports from other sources.
Personal Data collected from you in accordance with this Privacy Notice may also be transferred to a third party in the event of a sale, assignment, transfer, or acquisition of the company or a specific product or therapeutic area, in which case we would require the buyer, assignee or transferee to treat that personal data in accordance with applicable data protection laws.
We may also share Personal Data with other pharmaceutical companies who are our co-marketing, co-distribution, or other license partners, where pharmacovigilance obligations for a product require such exchange of safety information.
We share information with national and/or regional authorities, such as the European Medicines Agency in accordance with pharmacovigilance laws. We are unable to control their use of any information we share, however note that in these circumstances, we do not share any information that directly identifies any individual (such as names or contact information), but we only share psyeudonymised information.
We may publish information about adverse events (such as case studies and summaries); in this case, we will remove identifiers from any publications so that no individual can easily be recognized.
Our pharmacovigilance obligations require us to review patterns across reports received from every country where we market our products. To meet these requirements, information provided as part of an adverse event report is shared within Teva on a worldwide basis through Teva’s Global Database. This database is also the platform through which Teva uploads adverse event reports to various oversight authorities, including the Eudravigilance database (European Medicines Agency corporate system for managing and analysing information on suspected adverse reactions to medicines which have been authorised in the European Economic Area ) and other similar databases as required by law.
Because patient safety is so important, we retain all the information we gather about you as a result of an adverse event report to ensure that we can properly assess the safety of our products over time.
For Europe: You may be entitled under applicable law to ask Teva for a copy of your information, to correct it, erase or restrict its processing, or to ask us to transfer some of this information to other organisations. You may also have rights to object to some processing. These rights may be limited in some situations – for example, where we can demonstrate we have a legal requirement to process or keep your personal data. You may exercise these rights by contacting Teva’s EU Data Protection Officer at EUPrivacy@tevaeu.com.
Please note that for legal reasons, we cannot delete information that has been collected as part of an adverse event report unless it is inaccurate. Also, we may require you to provide proper identification before we comply with any request to access or correct Personal Data.
We hope that we can satisfy any queries you may have about the way in which we process your personal data. If you have any concerns about how we process your Personal Data, you can get in touch with Teva’s Data Protection Office: for Europe, please contact us at EUPrivacy@tevaeu.com (for Germany, please contact firstname.lastname@example.org). If you have unresolved concerns you also have the right to complain to the data protection authority in the location in which you are based. Please see this link for contact details on the European Member State data protection authorities. For all other regions, please contact us at IL_Privacy.Tevail@teva.co.il.
Teva takes measures to secure Personal Data from accidental loss and from unauthorised access, use, alteration or disclosure. Additionally, we take further information security measures including access controls, stringent physical security and robust information collection, storage & processing practices.
All pharmacovigilance databases, including the Global Database, are hosted in Israel by Teva. These are administered and supported around the clock by Teva’s dedicated pharmacovigilance IT teams in Israel, Romania, Germany and the United States. Teva also engages a data processing company in India (Accenture) for data entry, administration and data cleansing of a limited part of the pharmacovigilance database. Transfers to Israel are based on the European Commission’s adequacy decision for the State of Israel. Transfers to the USA are based on Teva USA’s Privacy Shield certification. Transfers to India are based on European Commission Model Clauses. For more information on any of these transfer methods, please contact us using the email address below.
Patient information may also be transferred worldwide as part of our Global Database. These transfers may include transfers outside of your country to countries that may have different data protection laws. Teva takes steps to ensure Personal Data is adequately protected if transferred to these countries. While it remains in Teva’s systems, the security measures outlined in this Privacy Notice apply and, when processed in other parties’ systems, Teva ensures agreements are in place with such parties that ensure the third party also has adequate security measures in place.
Changes to this Privacy Notice
If we decide to change the substance of this Privacy Notice materially, we will post those changes through a prominent notice on the Site.
Personal Data is submitted to Teva and is hosted and stored in databases on servers situated in Israel, which are owned and maintained by Teva Pharmaceutical Industries Ltd., an Israeli limited liability company whose principal place of business is at:
5 Basel Street
PO Box 3190
Petach Tikva 49131
If, at any time, you have questions or concerns about this Privacy Notice, please e-mail our European Data Protection Officer at EUPrivacy@tevaeu.com. For all other regions, please contact us at IL_Privacy.Tevail@teva.co.il. We will use reasonable endeavours to answer your question promptly or resolve your problem.
Effective: July 2018