Introduction

Through this Privacy and Data Security Policy, Celnova Pharma intends to show its commitment to comply with the regulations and legislation that derives from the treatment of the information necessary for the provision of its services and for the use of Information Technologies and Communication.

This Policy applies to any website, apps, product, software or service belonging to Celnova Pharma (collectively, our "Services").

This Policy establishes the general guidelines that Celnova Pharma must implement, complying with the regulations in force in each jurisdiction and also with the ethical standards established in our Code of Conduct.

With the promulgation of this Document, Celnova Pharma formalizes its commitment to the responsible information management process that aims to guarantee integrity and confidentiality.

Scope

This policy governs all the companies of the Celnova Pharma Group.

Each company of the Group is responsible for complying with specific regulations of the country where it is located.

How do we protect information and personal data?

At Celnova Pharma we are committed to the security of the information we handle, and the fulfilment of the relevant legal requirements. Following this line to ensure the confidentiality, availability, and integrity of the information (in particular, personal data), and the systems, networks, applications and databases, is that Celnova performs the following treatments:

  • We periodically carry out risk assessments associated with information security and the protection of personal data, analyzing our situation in the face of risk and defining action plans accordingly.
  • We define a Privacy and Data Security Policy that is mandatory for the different parties involved in the processing of information.
  • Procedures have been created for access control, security of systems and communications, management of incidents and security breaches and backup of information. If at any time this security is compromised, Celnova Pharma will act quickly, responsibly and with due diligence.
Transfers to third countries or International Organizations

The data we collect from individuals may be transferred and stored at a destination outside the Argentine territory. They may also be processed by staff members operating outside Argentina who work for us or for one of our service providers. This process is done safely and legally.

Since some countries may not have laws on the use and transfer of personal data, Celnova Pharma takes steps to ensure that third parties comply with the commitments set out in this policy. These measures may include reviewing third-party privacy and security standards.

By accepting the terms and conditions linked to this policy, the user expressly accepts and consents that Celnova Pharma transfers, totally or partially, the personal data to any of the companies of the group and/or linked to Celnova Pharma domiciled in the Argentine Republic, at the time, form and conditions it deems appropriate.

Data protection at work environment

In the field of the data of our employees, we use the necessary data to comply with legal obligations in the labor field, such as communications to social security or entities related with prevention, health and safety.

Celnova Pharma collects, stores and processes the personal data of its workers and collaborators, necessary to maintain the employment and professional relationship. Particularly, to comply with purposes such as payroll, personal management, prevention of occupational risks, taxes and social security obligations, training and professional development, time management or vacation. Celnova Pharma will collect, throughout the employment and/or professional relationship, all the necessary personal data (identification and contact, academic and professional, banking and of invoicing), being able to include those that by their nature imply a special level of protection (such as the health of workers). By virtue of the foregoing considerations, personal data obtained through resumes or job applications that are sent through the corresponding forms on our website, LinkedIn, or in person are also considered. In general, this information (may include, identification data, contact, academic and professional data) is kept only for the time that is necessary to process your application.

Consent and/or authorization to obtain the data

For the processing of personal and/or sensitive data it is necessary that the owner has given his consent in a free, express and informed manner. Such consent must be written, or by another means that is equated to it, according to the circumstances. The consent given with other statements, must appear expressly, prior notification to the data requester.

Rights of the owner of personal data
  • Right to information
    Any person may request information regarding the existence of files, records, databases or personal data banks, their purposes and the identity of those responsible.
  • Right of access
    The owner of the data, has the right to request and obtain information from his personal data included in public or private databases intended to provide reports.
  • Information provided to the owner of the personal data
    The information must be clear, the language must be accessible to the average knowledge of the population.
    In no case may the report reveal data of third parties, even if they are linked to the interested party.
    The information, at the option of the owner, may be provided in writing or by electronic means.
  • Right to rectification, updating or deletion
    Everyone has the right to rectified, updated and, where appropriate, deleted or subject to confidentiality their data.
    The person in charge or user of the data bank, must proceed to the rectification, deletion or update of the personal data of the affected party, carrying out the necessary operations for this purpose within a maximum period of ten (10) business days of receiving the claim of the owner of the data or warned of the error or falsehood.
    The deletion does not proceed when it could cause damage to the rights or legitimate interests of third parties, or when there is a legal obligation to keep the data.
    During the process of verification and rectification of the error or falsity of the information in question, the person in charge or user of the database must either block the file, or record when providing information related to it the circumstance that is subjected to review.

 

Training

To guarantee the dissemination of this Policy and its correct understanding by the staff of Celnova Pharma, it is necessary to carry out periodic awareness and training activities on the protection of personal data.

Control and Continuous improvement

Celnova Pharma carries out internal controls in order to ensure compliance with this policy and suggest possible changes for a continuous improvement of the mechanisms of collection, security and processing of personal data.

Storage period of the personal data

The time of data storage will vary in relation to the purpose for which it was collected and processed. In most cases, we will keep your data for a period of three (3) years from the last interaction with you. However, we may retain your data for a longer period, if there is a legal requirement. For example, pharmacovigilance reports are kept for a minimum period of 10 years after the product is recalled from the market in the last country where the product was placed on the market.

In accordance with the above considerations, we add that personal data must be kept for the periods provided for in the provisions applicable or, where appropriate, in the contractual ones between the person in charge or user of the data bank and the owner of the data.

The data must be destroyed when they are no longer necessary or relevant to the purposes for which they were collected.

Privacy and Minors

Our websites are aimed at adult audiences, over 18 years of age. In the event that any minor has access to them, their use must be supervised by parents, guardians or legal guardians. To clarify, children under 18 years of age are not allowed to enter the site and/or service, as well as provide any personal data, or any other type of information.

Privacy and Healthcare Professionals

Celnova Pharma can create databases regarding health professionals with the following purpose:

  • Statistics, scientists, exchange of scientific information and integrate general information related to medical practice.
  • Invite healthcare professionals to participate in promotional events and/or medical education events.
  • Send notifications, news, promotional and educational material, within the parameters permitted by applicable law.
  • Prepare analyses to determine the effectiveness of our programs, send or deliver patient support materials and deliver promotions.
  • Carry out inspections by authorities: internal and external.
  • Contact you by electronic means, such as email, cell phone, mobile applications, instant messaging, and/or through visits to your work home for the purpose of sending you informative communications for promotional purposes and Educational.
  • Participate in disease awareness programs.
  • Develop new products and services, know the market and the performance of the company within it.
Updates to the privacy and data Security Policy

Celnova Pharma may update or modify this Privacy and Data Security Policy at any time. All the modifications that are made will be reflected on the website.

Information Security

Information must always be protected, whatever its form of being, shared, communicated or stored.

Information may exist in different forms: printed, written on paper, stored electronically, transmitted by mail or electronic means, displayed in projections or in oral form in the conversations.

About Information Security

Information security is understood as the preservation, assurance and compliance with the points mentioned below:

  • Confidentiality: Information assets can only be accessed and guarded by users who have permissions to do so. These authorizations are granted to a suitable person regarding the subject matter.
  • Integrity: The content of information assets must remain unchanged and complete. Modifications must be recorded ensuring their reliability.
  • Availability: Information assets can only be obtained in the short term by users who have the permissions/access.

Information security objectives:

  • Understand the security risks.
  • Protecting the confidentiality of patient related information and development plans.
  • Our public access website and internal networks meet the required availability specifications.
  • Understand and cover the needs of all stakeholders.
  • All staff will be informed and responsible for information security, as relevant to the performance of their work.
  • Reports will be made with information on the security situation.

All abovementioned points should support the identification of risks through the provision of controls.

The goal of the policy is to protect the organization's information assets against all internal and external threats and vulnerabilities, whether they occur deliberately or accidentally.

Celnova Pharma implements all the necessary measures to maintain the security of the personal information provided by suppliers, customers, employees or volunteers, contemplating the internal technical and organizational measures necessary to guarantee the security and confidentiality of the data, trying by all means to prevent unauthorized access to them.

Applicable Jurisdiction

This Policy is governed by the legislation in force in the Argentine Republic to the exclusion of any rule of its system of international law and/or any other rule that refers to the application of any foreign law. Therefore, any conflict related to this Policy must be resolved by the Ordinary National Courts of the Federal Capital, renouncing visitors to any other jurisdiction that may be competent.

Contact

If you have any questions or concerns about how we treat and use your personal data, or if you would like to exercise any of your rights mentioned above, please contact us at compliance@celnova.com

Celnova has an area in charge of processing doubts, petitions, complaints and/or claims. In case of doubts or if you would like us to update, correct, delete or rectify your data, please contact us, using the following alternatives:

  • By sending a letter to the following address:
    Celnova Pharma
    Talcahuano 461 - Villa Martelli – Vicente López
    Buenos Aires l Argentina
    Zipcode: 1603
  • Sending an email to the email box:
    compliance@celnova.com

Celnova will process the note within ten (10) business days of receiving it and will send its response through the contact details contained in the note. To comply with these requests, the owner of the data must provide all the necessary information (contact telephone number, mail, full name, ID) and establish precise and detailed way what right you want to exercise. Celnova Pharma will treat the request made within the deadlines provided above.

Glossary
  1. Computerized data: Personal data submitted to electronic or automated processing.
  2. Personal data: Information of any kind referring to natural persons or of ideal existence determined or determinable.
  3. Sensitive data: Personal data revealing racial and ethnic origin, political opinions, religious, philosophical or moral convictions, trade union membership, income and information relating to health or sex life.
  4. File, records, base or database: Indistinctly, they designate the organized set of personal data that is subjected to treatment or processing, electronic or not, whatever the modality of its formation, storage, organization or access
  5. Data processing: Systematic operations and procedures, which allow the collection, conservation, management, storage, modification, relationship, evaluation, blocking, destruction, and in general the processing of personal data, as well as its transfer to third parties through communications, consultations, interconnections or transfers.
  6. Computerized data: Personal data submitted to electronic or automated processing.