jump to navigation jump to main content jump to footer
Pharmacovigilance

Privacy Policy

1. Controller

The contact person and so-called controller responsible for processing your personal data within the meaning of the General Data Protection Regulation (GDPR) is:

Cranach Pharma GmbH
Luruper Chaussee 125
22761 Hamburg
E-mail: datenschutz@medios.group

 

2. Data Protection Officer

ISiCO GmbH
Am Hamburger Bahnhof 4
10557 Berlin
E-mail: medios@isico-datenschutz.de

 

3. Purpose and Legal Basis of Data Processing

We process your personal data solely for the following purposes:

  • Monitoring the safety of medicinal products and medical devices, including detection, evaluation, follow-up, and prevention of incidents as well as reporting to authorities
    (Art. 6 (1) (c), (e), Art. 9 (2) (i) GDPR in conjunction with § 22 (1) No. 1 (c) BDSG and §§ 63a ff. AMG),
  • Responding to general inquiries
    (Art. 6 (1) (f) GDPR – based on the controller’s legitimate interest in properly responding to your request and fulfilling documentation and record-keeping obligations),
  • Handling product quality complaints (e.g., efficacy, stability, safety, performance)
    (Art. 6 (1) (e) GDPR in conjunction with § 22 (1) No. 1 (c) BDSG and §§ 63a ff. AMG, and Art. 6 (1) (f) GDPR – based on the controller’s legitimate interest in maintaining product safety and quality, fulfilling due diligence obligations toward users, and preventing health risks),
  • Responding to other inquiries and improving our products and services
    (Art. 6 (1) (f) GDPR – based on the controller’s legitimate interest in maintaining a high level of customer satisfaction, continuously improving and developing products, and ensuring efficient communication with data subjects),
  • Compliance with legal, regulatory, and compliance requirements and legal defense
    (Art. 6 (1) (f) GDPR – based on the legitimate interest in ensuring legal compliance, protecting the company from legal risks, and asserting or defending legal claims).

 

4. Categories of Data Recipients

Your data may be shared with:

  • Competent national and international authorities (e.g., EMA/EudraVigilance),
  • Companies within our corporate group,
  • Service providers assisting us with the processing of reports (e.g., IT, data hosting),
  • Healthcare professionals, where necessary for assessment or follow-up,
  • The marketing authorization holders of the respective medicinal products.

 

5. Data Transfer to Third Countries

Your personal data is generally processed within Germany and the European Union. In certain cases, however, a transfer to so-called third countries (outside the EU/EEA) may be necessary.
In such cases, we ensure an adequate level of data protection, in particular through:

  • EU Commission adequacy decisions (Art. 45 GDPR), where applicable, or
  • EU Commission Standard Contractual Clauses (SCCs) (Art. 46 (2) (c) GDPR),
    supplemented by additional technical and organizational measures where necessary.

In exceptional cases—such as an acute health risk—data may also be transferred based on the derogations under Art. 49 GDPR, if this is necessary to protect significant public interests in the field of public health.

 

6. Storage Period

Your personal data will be stored for as long as necessary to fulfill statutory pharmacovigilance obligations. This may be up to 10 years after the expiry of the authorization for the relevant medicinal product or device.

 

7. Your Rights

You have the right to:

  • Access (Art. 15 GDPR),
  • Rectification (Art. 16 GDPR),
  • Erasure or restriction (Art. 17, 18 GDPR),
  • Objection (Art. 21 GDPR),
  • Withdrawal of your consent (Art. 7 (3) GDPR),
  • Data portability (Art. 20 GDPR).

These rights may be restricted due to statutory retention obligations under pharmacovigilance law.

 

8. Contact for Complaints

You have the right to lodge a complaint with a data protection supervisory authority at any time, in particular with the authority responsible for your place of residence.

Back to Top