Privacy Policy

This policy governs all the companies of the Celnova Pharma Group.

Each company of the Group is responsible for complying with specific regulations of the country where it is located.

At Celnova Pharma we are committed to the security of the information we handle, and the fulfilment of the relevant legal requirements. Following this line to ensure the confidentiality, availability, and integrity of the information (in particular, personal data), and the systems, networks, applications and databases, is that Celnova performs the following treatments:

• We periodically carry out risk assessments associated with information security and the protection of personal data, analyzing our situation in the face of risk and defining action plans accordingly.
• We define a Privacy and Data Security Policy that is mandatory for the different parties involved in the processing of information.
• Procedures have been created for access control, security of systems and communications, management of incidents and security breaches and backup of information. If at any time this security is compromised, Celnova Pharma will act quickly, responsibly and with due diligence.

Los datos que reunimos de las personas pueden ser transferidos y almacenados en un destino fuera del territorio argentino. También podrían ser procesados por miembros del personal que operan fuera de Argentina que trabajan para nosotros o para uno de nuestros proveedores de servicios. Este proceso se realiza de manera segura y legal. Dado que algunos países podrían no tener leyes sobre el uso y transferencia de datos personales, desde Celnova Pharma adoptamos medidas para asegurar que los terceros cumplan con los compromisos establecidos en esta política. Estas medidas pueden incluir revisar los estándares de privacidad y seguridad de los terceros.

Mediante la aceptación de los términos y condiciones vinculados a esta política, el usuario expresamente acepta y consiente que Celnova Pharma ceda o transfiera, total o parcialmente, los datos personales a cualquiera de las sociedades del grupo y/o vinculadas a Celnova Pharma domiciliados en la República Argentina o en el exterior, a cualquier título y en el momento, forma y condiciones que estime pertinentes.

The data we collect from individuals may be transferred and stored at a destination outside the Argentine territory. They may also be processed by staff members operating outside Argentina who work for us or for one of our service providers. This process is done safely and legally.

Since some countries may not have laws on the use and transfer of personal data, Celnova Pharma takes steps to ensure that third parties comply with the commitments set out in this policy. These measures may include reviewing third-party privacy and security standards.

By accepting the terms and conditions linked to this policy, the user expressly accepts and consents that Celnova Pharma transfers, totally or partially, the personal data to any of the companies of the group and/or linked to Celnova Pharma domiciled in the Argentine Republic, at the time, form and conditions it deems appropriate.

In the field of the data of our employees, we use the necessary data to comply with legal obligations in the labor field, such as communications to social security or entities related with prevention, health and safety.

Celnova Pharma collects, stores and processes the personal data of its workers and collaborators, necessary to maintain the employment and professional relationship. Particularly, to comply with purposes such as payroll, personal management, prevention of occupational risks, taxes and social security obligations, training and professional development, time management or vacation. Celnova Pharma will collect, throughout the employment and/or professional relationship, all the necessary personal data (identification and contact, academic and professional, banking and of invoicing), being able to include those that by their nature imply a special level of protection (such as the health of workers). By virtue of the foregoing considerations, personal data obtained through resumes or job applications that are sent through the corresponding forms on our website, LinkedIn, or in person are also considered. In general, this information (may include, identification data, contact, academic and professional data) is kept only for the time that is necessary to process your application.

For the processing of personal and/or sensitive data it is necessary that the owner has given his consent in a free, express and informed manner. Such consent must be written, or by another means that is equated to it, according to the circumstances. The consent given with other statements, must appear expressly, prior notification to the data requester.

• Right to information
  Any person may request information regarding the existence of files, records, databases or personal data banks, their purposes and the identity of those responsible.
• Right of access
  The owner of the data, has the right to request and obtain information from his personal data included in public or private databases intended to provide reports.
• Information provided to the owner of the personal data
  The information must be clear, the language must be accessible to the average knowledge of the population.
  In no case may the report reveal data of third parties, even if they are linked to the interested party.
  The information, at the option of the owner, may be provided in writing or by electronic means.
• Right to rectification, updating or deletion
  Everyone has the right to rectified, updated and, where appropriate, deleted or subject to confidentiality their data.
  The person in charge or user of the data bank, must proceed to the rectification, deletion or update of the personal data of the affected party, carrying out the necessary operations for this purpose within a maximum period of ten (10) business days of receiving the claim of the owner of the data or warned of the error or falsehood.
  The deletion does not proceed when it could cause damage to the rights or legitimate interests of third parties, or when there is a legal obligation to keep the data.
  During the process of verification and rectification of the error or falsity of the information in question, the person in charge or user of the database must either block the file, or record when providing information related to it the circumstance that is subjected to review.

To guarantee the dissemination of this Policy and its correct understanding by the staff of Celnova Pharma, it is necessary to carry out periodic awareness and training activities on the protection of personal data.

Celnova Pharma carries out internal controls in order to ensure compliance with this policy and suggest possible changes for a continuous improvement of the mechanisms of collection, security and processing of personal data.

The time of data storage will vary in relation to the purpose for which it was collected and processed. In most cases, we will keep your data for a period of three (3) years from the last interaction with you. However, we may retain your data for a longer period, if there is a legal requirement. For example, pharmacovigilance reports are kept for a minimum period of 10 years after the product is recalled from the market in the last country where the product was placed on the market.

In accordance with the above considerations, we add that personal data must be kept for the periods provided for in the provisions applicable or, where appropriate, in the contractual ones between the person in charge or user of the data bank and the owner of the data.

The data must be destroyed when they are no longer necessary or relevant to the purposes for which they were collected.

Our websites are aimed at adult audiences, over 18 years of age. In the event that any minor has access to them, their use must be supervised by parents, guardians or legal guardians. To clarify, children under 18 years of age are not allowed to enter the site and/or service, as well as provide any personal data, or any other type of information.

Celnova Pharma can create databases regarding health professionals with the following purpose:

• Statistics, scientists, exchange of scientific information and integrate general information related to medical practice.
• Invite healthcare professionals to participate in promotional events and/or medical education events.
• Send notifications, news, promotional and educational material, within the parameters permitted by applicable law.
• Prepare analyses to determine the effectiveness of our programs, send or deliver patient support materials and deliver promotions.
• Carry out inspections by authorities: internal and external.
• Contact you by electronic means, such as email, cell phone, mobile applications, instant messaging, and/or through visits to your work home for the purpose of sending you informative communications for promotional purposes and Educational.
• Participate in disease awareness programs.
• Develop new products and services, know the market and the performance of the company within it.

Celnova Pharma may update or modify this Privacy and Data Security Policy at any time. All the modifications that are made will be reflected on the website.

Information must always be protected, whatever its form of being, shared, communicated or stored.

Information may exist in different forms: printed, written on paper, stored electronically, transmitted by mail or electronic means, displayed in projections or in oral form in the conversations.

About Information Security

Information security is understood as the preservation, assurance and compliance with the points mentioned below:

• Confidentiality: Information assets can only be accessed and guarded by users who have permissions to do so. These authorizations are granted to a suitable person regarding the subject matter.
• Integrity: The content of information assets must remain unchanged and complete. Modifications must be recorded ensuring their reliability.
• Availability: Information assets can only be obtained in the short term by users who have the permissions/access.

Information security objectives:

• Understand the security risks.
• Protecting the confidentiality of patient related information and development plans.
• Our public access website and internal networks meet the required availability specifications.
• Understand and cover the needs of all stakeholders.
• All staff will be informed and responsible for information security, as relevant to the performance of their work.
• Reports will be made with information on the security situation.

All abovementioned points should support the identification of risks through the provision of controls.

The goal of the policy is to protect the organization's information assets against all internal and external threats and vulnerabilities, whether they occur deliberately or accidentally.

Celnova Pharma implements all the necessary measures to maintain the security of the personal information provided by suppliers, customers, employees or volunteers, contemplating the internal technical and organizational measures necessary to guarantee the security and confidentiality of the data, trying by all means to prevent unauthorized access to them.

This Policy is governed by the legislation in force in the Argentine Republic to the exclusion of any rule of its system of international law and/or any other rule that refers to the application of any foreign law. Therefore, any conflict related to this Policy must be resolved by the Ordinary National Courts of the Federal Capital, renouncing visitors to any other jurisdiction that may be competent

If you have any questions or concerns about how we treat and use your personal data, or if you would like to exercise any of your rights mentioned above, please contact us at compliance@celnova.com

Celnova has an area in charge of processing doubts, petitions, complaints and/or claims. In case of doubts or if you would like us to update, correct, delete or rectify your data, please contact us, using the following alternatives:

• By sending a letter to the following address:
  Celnova Pharma
  Talcahuano 461 - Villa Martelli – Vicente López
  Buenos Aires l Argentina
  Zipcode: 1603
• Sending an email to the email box:
  compliance@celnova.com

Celnova will process the note within ten (10) business days of receiving it and will send its response through the contact details contained in the note. To comply with these requests, the owner of the data must provide all the necessary information (contact telephone number, mail, full name, ID) and establish precise and detailed way what right you want to exercise. Celnova Pharma will treat the request made within the deadlines provided above.

1. Computerized data: Personal data submitted to electronic or automated processing.
2. Personal data: Information of any kind referring to natural persons or of ideal existence determined or determinable.
3. Sensitive data: Personal data revealing racial and ethnic origin, political opinions, religious, philosophical or moral convictions, trade union membership, income and information relating to health or sex life.
4. File, records, base or database: Indistinctly, they designate the organized set of personal data that is subjected to treatment or processing, electronic or not, whatever the modality of its formation, storage, organization or access
5. Data processing: Systematic operations and procedures, which allow the collection, conservation, management, storage, modification, relationship, evaluation, blocking, destruction, and in general the processing of personal data, as well as its transfer to third parties through communications, consultations, interconnections or transfers.
6. Computerized data: Personal data submitted to electronic or automated processing.