Privacy Statement – English

Klik hier voor onze Nederlandstalige privacy statement.

ADOH B.V. is a Dutch pharmaceutical manufacturer and service provider that is part of DADA Holding B.V.

DADA Consultancy (“DADA”), located in the Netherlands, is responsible for the processing of personal data as shown in this privacy statement, in line with the GDPR.

Contact details
DADA
Godfried Bomansstraat 31
6543 JA Nijmegen
+31 24 3730309
dpo@dada.nl

Personal data that we process

Your personal data may be used by ADOH and DADA in a variety of ways. We will always be as transparent as possible as to how we use your data.

Visiting ADOH’s website

When you access the ADOH website, certain information may be exchanged between your device and our server. This may contain personal data. Data collected in this way can for instance be used to optimise our website. We use cookies on our website to provide you with the best possible experience. This includes data processing that helps our website to run smoothly.  We also make use of analytical cookies by collecting and reporting information to understand how visitors interact with our website.

Using ADOH’s and DADA’s Services

DADA processes personal data on behalf of its clients, which concerns internationally established pharmaceutical companies. We process personal data in connection with the legal obligation to ensure the safety of medicines and to process adverse reactions or other reports concerning products. Also, we may collect personal  data with which we can demonstrably record the existence of an actual patient (on the basis of gender and country of origin) and, if necessary, your contact details in order to answer your request. Where it is necessary and/or legally required to share this information with our client or a third party, the information will be pseudonomysed.

Special and/or sensitive personal data that we process

With your consent, DADA processes information about your health, which is considered to be special and / or sensitive personal data about you.

For what purpose and on what basis we process personal data

DADA processes your personal data under the scope of the legal pharmacovigilance obligations that our clients have within the pharmaceutical industry. With this we promote safe and as effective as possible use of medicines.

Please note that to appropriately respond to your questions, the information you share with us may be shared with our clients, affiliates, partners or regulatory authorities within the US that are subject to HIPAA. When we share such personal data, we only share the information that is considered necessary and pseudonomynise such personal data.

Automated decision-making

DADA does not carry out automated processing; namely, decisions taken by computer programs or systems, without a person (for example an employee of DADA) sitting in between. Hence, there are no decisions about matters that can have (significant) consequences for people.

How long will we store personal data

DADA does not store your personal data for longer than is strictly necessary to realize the purposes for which your data is collected and to comply with respective legal (pharmacovigilance) obligations.

Sharing personal data with third parties

DADA will not sell your information to third parties and will only provide this information if this is necessary for the execution of our agreement with our clients or to comply with a legal obligation. With companies that process your data in our assignment, and with our clients, we conclude a data processing agreement to ensure the same level of security and confidentiality of your data.

View, modify or delete data

You have the right to view, correct or delete your personal data. You also have the right to withdraw your consent to the data processing or to object to the processing of your personal data by DADA or its clients, and you have the right to data portability. Please be aware that due to legal pharmacovigilance obligations of our clients it is not always possible to exercise your full rights.

You can send a request for access, correction, deletion, data transfer of your personal data or request for cancellation of your consent or objection to the processing of your personal data to office@dada.nl. We respond as quickly as possible, but within four weeks, at your request. DADA also wishes to point out that you have the opportunity to file a complaint with the national supervisory authority, the Dutch Data Protection Authority. This can be done via the following link: https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons

How we protect personal data

DADA takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. If you have the impression that your data is not secure or that there are indications of abuse, please contact our customer service at office@dada.nl.

When developing, designing, selecting and using business applications, or rendering services and delivering services to our clients which include processing of personal data, we ensure to fulfil our legal obligations with respect to GDPR. Organisational and technical measures principally undertaken by DADA -as listed below- are also continuously being evaluated and improved.

GDPR related organisational measures

  • Data Protection Impact Assessments (“DPIA”) can be carried out as required and upon request – to support clients’ compliance. For internal processes, DPIA’s are carried out before starting any high risks processing activities.
  • Guidelines, procedures and processes are in place to handle incidents involving personal data.
  • Service agreements with our clients and suppliers (subprocessors) reflect the GDPR requirements. We seek to only engage subprocessors which provide sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, and require from them to implement technical and organisational measures which meet the requirements of GDPR and our clients, including for the security of processing.
  • Trainings and awareness campaigns directed to all employees have been carried out, and all employees are required to complete the mandatory GDPR training. The trainings are being updated on an annual basis.

GDPR related technical and security measures

  • All employees have signed confidentiality statements, and it is required to adhere to internal policies.
  • Employee’s activity on and access to IT systems and physical personal data storage facilities (“Storage”) is secured, aligned with (multiple) authentication requirements and separable.
  • Employees are only performing authorized duties relevant to their respective jobs and positions.
  • Employees access rights to IT systems and storage are in line with predefined and documented business needs, and the job requirements are attached to user identities.