GDPR

Privacy Policy of Egis Gyógyszergyár Zrt. (summary)

Last update: 1 October 2019

General Provisions and Contact Details

This document is a short summary of the Privacy Notice of Egis Gyógyszergyár Zártkörűen Működő Részvénytársaság (“Egis”) related to its customers, clients, contact persons of its contracting partners, recipients of its marketing communications, visitors of its plant units and other facilities and other data subjects. Each circumstance of data processing is described in more detail in the full version of the Privacy Notice.

Please note that only the full version of the Privacy Notice may be regarded as comprehensive information on the data processing carried out by Egis. This summary only enables you to understand the full Privacy Notice more easily.

Main contact details of Egis: 1106 Budapest, Keresztúri út 30-38., +36 1 803-5555, mailbox@egis.hu, and in privacy issues: adatvedelem@egis.hu or gdpr@egis.hu and the website at hu.egis.health.

Scope of Data processed and the purpose of data processing

Egis is basically engaged in the personal data processing activities listed below. The full version of the Privacy Notice contains the detailed description of data processing activities carried out by Egis, including the exact data retention periods. Certain data, such as the data which form part of documents that support accounting or appear in documents related to the conclusion of agreements between Egis and customers (e.g. purchase orders) or invoices issued, shall be kept by Egis for 5 years in accordance with the taxation laws or for 8 years in accordance with the accounting laws. In general the staff of the competent business divisions of Egis have access to data.

Last update: 1 October 2019

Administering requests of private individuals for support and responding to relevant persons. Name, contact details (email address, phone number), family circumstances, illness related data.
Ensuring interactive participation in the course of a visit to ETTK (Egis Science and Technology Centre). Names, email addresses of visitors of ETTK, which data is processed to enable the visit and for information purposes. If so consented, scores achieved in games and photos taken in the simulator will be sent to the personal e-mail address.
Taking photos and making videos and other media materials (e.g. interviews) by Egis’ internal and external communications departments (e.g. on events, meetings, visits organized by Egis or its partners or visits to the ETTK (Egis Science and Technology Centre) or when making interviews).

Photos taken and videos made by Egis’ internal and external communications departments or external partners (e.g. during events, meetings, visits organized by Egis or its partners, or in the course of visits to the ETTK (Egis Science and Technology Centre), or during interviews) and any other photos, videos and other media material provided by the relevant individuals. Photos are taken or videos are made by subcontractors (data processors).

 

Data processing related to the participation in the sweepstakes announced by Egis. Data processing related to the participation in the sweepstakes announced by Egis’ external communication departments. Processed data: name, contact details, address. The winner’s data will be retained for 8 years as it is required by the Accounting Act.

In general, Egis processes data until the relevant individual withdraws consent or, failing this, until Egis responds or while Egis is in contact with the relevant individual; in the case of a report on adverse reactions, until the time prescribed by law. The data obligatory for identification purposes and processed during the visit at ETTK will be deleted following the visit.

 More information: Data processing operations in the course of the external communications of Egis – administering requests of private, visit to Egis Science and Technology Centre, taking photos and making videos, participation in sweepstakes announced by Egis.

Last update: 13 May 2021

Obtaining official licences and permits and complying with notification obligations necessary for Egis’ activity. Names, mother’s names upon birth, places and dates of birth, gender, citizenship, addresses of authority stakeholders and their deputies, the corporate official responsible for protection from radiation, company drug and drug precursor, professional qualifications with diploma numbers. Data are transferred to the competent authorities in the event of requests for data provision, typically to the following recipients: National Police Headquarters, National Nuclear Energy Authority, National Institute of Pharmacy and Nutrition (“OGYÉI”), geographically competent Government Offices. Egis processes data while the relevant position is held.
Keeping records on certificates of fire protection exams of employees and external partners for legal compliance purposes. Names of the employees of contracting partners, number and validity of the certificate of the fire protection exam. Egis processes data for 3 years after the termination of employment or, in the case of contractual relationships, for 5 years.

More information: Data processing for environmental and operating security purposes

Last update: 1 October 2019

Processing of the data of healthcare professionals (“HCPs”) and representatives and contact persons of healthcare organizations (“HCOs”), calculation of benefits to be provided by Egis, performance and keeping records of agreements, data processing related to visits to physicians, sales talks with pharmacies, transparency obligations.

Processing data based on which benefits to HCPs and HCOs are calculated.

In the case of HCPs: Name, area of specialization, research, occupation/practice area (country) of the relevant HCP, name and address of his/her workplace/practice area, job/position, other public professional mandates, organizational membership (e.g. member/chairperson of the professional committee), number of publicly available publications, lectures and other relevant information relating thereto (including, in particular, the title, language, content, date of appearance of the publication or lecture, name of the relevant journal or periodical, conference or forum providing a frame for the lecture), public resume or curriculum vitae submitted to Egis, and the amount of the benefit calculated and the ID of the HCP used when the benefit is calculated or the related data is processed, as well as the recording by Egis of these data in the form provided by the Servier Group.

In the case of the representatives and contact persons of HCOs: name and contact details of the relevant representative, contact person (including in particular email address, telephone number, position as much as necessary for addressing him/her), in the event of the HCP’s membership, the HCP’s data indicated above and the amount of benefit calculated.  

Data retention period: 5 years.

Processing the personal data of the relevant individuals as much as necessary for the performance of agreements with HCPs and HCOs.

In the case of HCPs: name and contact details of the relevant individual (including in particular email address, telephone number, position as much as necessary for addressing him/her), the amount of his/her benefit and billing data and any other data indicated in the agreement.

In the case of the representatives and contact persons of HCOs: name and contact details of the relevant representative, contact person (including in particular email address, telephone number, position as much as necessary for addressing him/her), the amount of his/her benefit and billing data and any other data indicated in the agreement.

Data retention period: 5 years. 

Keeping records of agreements in a digital database. Name, address, individual ID (stamp) of the healthcare professional, tax number, subject matter and terms and conditions of the agreement. Partner Management Tanácsadó Kft. supports digitalization (scanning, document filing) as a data processor.
Decisions on awarding benefits for participation in professional events and conferences.

Applicant’s name, stamp number/registration number, mother’s name upon birth, place and date of birth, address, telephone number, email address, name and address of workplace, position, education, qualification, languages spoken, professional corporate membership, membership in the continuing education centre, application for support and its justification.

Name, venue, dates of the relevant event/course.

Planning, arranging, measuring and evaluating the effectiveness of visits to physicians, preparing and keeping up to date the partner registry required for promotion of medicinal products and maintaining contact with physicians.

Data of HCPs (physicians) and information specified by laws and external and internal policies in respect of the pharmaceutical activity. Medical sales representatives record the following data: place and time of the visit, products presented. Other: Employee data of the Medical Sales Representative, Regional Manager (name, email at work, line, registration number (PIN)).

Sending out promotional materials and newsletters by mail, phone, email or SMS.

Data of HCPs (physicians), workplace, position.

Sending customized communication - customized promotional materials, newsletters and professional communication by mail, phone, email or SMS and customizing the planning of visits to HCPs.

Information provided to Egis in connection with the use of the www.egismed.hu website, answers given to market research questions, feedback during visits, etc., other publicly available data related to professional interests (scientific publications, communiqués, lectures on congresses, professional corporate membership etc.).  

Keeping records of attendance sheets of events and roundtable talks organized by Egis medical sales representatives. Data on the attendance sheets of events and roundtable talks organized by Egis.
Sending out invitations to events and roundtable talks organized by Egis. Contact details of the relevant individuals who Egis intends to invite and any other data and contact details provided by them in relation to participation.
Planning, organizing and measuring the success of pharmacy sales talks, compiling and keeping up to date the partner registry necessary for Egis’ sales representation in pharmacies and keeping in touch with the professionals concerned. Data of relevant professionals and information specified by laws and external and internal policies in respect of the pharmaceutical activity. During pharmacy visits, sales representatives record the following data: places, times of visits, personal experience, market demands and orders.
Complying with disclosure obligations on the Egis website under the Generic Pharmaceutical Transparency Code for the Disclosure of Benefits to Healthcare Professionals and Healthcare Organizations. The name, address, tax identification number, individual identifier (stamp/registration number) of the healthcare professional receiving the support, name and address of his/her workplace, telephone number at work, type and amount of benefit and source documents thereof in order to track the scope of recipients and the amounts of support.
Disclosing benefit-related information under the EFPIA Transparency Code and the Code for Cooperation with Patient Organizations.

The following benefits fall inter alia within the scope of the transparency obligation:

· registration fee;
· travelling and accommodation costs;
· costs of services;
· related expenses comprised in fees paid under service or consultancy agreements.

In the case of HCPs: name, position, ID, address of primary place of work of the data subject, amount and title of benefit paid and indication of the calendar year concerned.

In the case of HCOs, representatives and contact persons of patient organizations: name and contact details (if any) of the representative or contact person concerned.

Egis processes exclusively employment related data generally for 3 years after the termination of employment and other data (e.g. related to contractual relationships) for 5 years.

More information: Processing of the data of healthcare professionals

Last update: 1 October 2019

Processing personal data of the principal investigator required to conduct and officially authorize non-interventional trials. Professional curriculum vitae of the coordinating principal investigator, statement of intent by the principal investigator or coordinating principal investigator in which he/she undertakes, if the trial is authorized, to implement the trial plan known to him/her in accordance with its terms and the terms of the authorization decision; data included in the service agreement entered into with the principal investigator who is a private individual for the performance of the tasks of the NIT principal investigator: principal investigator’s name, address, tax number, registration number, bank account number. The investigator’s name, address of his/her workplace, and professional curriculum vitae will be transferred to the National Institute of Pharmacy and Nutrition (OGYÉI) during the NIT authorization process.
Processing personal data of the investigator required to conduct and officially authorize non-interventional trials (NIT). Data included in the investigator’s service agreement entered into with the investigator who is a private individual for the performance of the tasks of the NIT investigator: investigator’s name, address, tax number, registration number, bank account number. The name of the physician participating in the trial and the address of his/her workplace/business/place of private practice will be transferred to the National Institute of Pharmacy and Nutrition (OGYÉI) during the NIT authorization process.
Obtaining a ruling from the OGYÉI-ETT-TUKEB (Healthcare Scientific Council-Scientific Research Ethics Committee) for NIT authorization. The names of physicians participating in the trial and the addresses of their workplaces/businesses/places of private practice will be transferred to the National Institute of Pharmacy and Nutrition (OGYÉI).
Medical verification of the patient monitoring data forms (that contain the anonymized trial data).

Name and stamp number of the physician in charge of investigation in the data form of each patient involved by the physician in the trial. WeB2 Research Kft. provides hosting services as a data processor.

Providing access to the program that manages electronic patient data forms (eCRF) for NIT with electronic data input.

Name, email address and stamp number of the clinical trial physician. WeB2 Research Kft. provides hosting services as a data processor.

NIT Master File: storing main investigator’s documents necessary for the trial. The name and address of the investigator who is a private individual (workplace/place of private practice/business) in the report form used at the trial site, data included in the service agreement entered into with the investigator who is a private individual: name, address, tax number, registration number, bank account number.

In general Egis processes the above data for 5 years.

More information: Data processing related to non-interventional trials (NIT)

Last update: 1 October 2019

Data processing for the purposes of medical science – reception and investigation of adverse reactions/adverse events/incidents/special situations related to medicines, cosmetics, medical devices, operation of a scientific information service, involvement in market research, monitoring of websites and social media platforms operated by Egis.

Receiving, evaluating, following up as necessary, storing and, where appropriate, reporting to the European Medicines Agency (EMA)/national authorities and/or to contractual partners, any pharmacovigilance adverse events/adverse reactions and special situations related to medicinal products.

Data provided by the data provider on a voluntary basis. Typically: name, age, gender, name of medicinal product used, illness, treatments applied, test results, complaints; if the data provider is not the patient, the name and contact details of that person as well as the name, contact details, age, gender, data concerning medicines taken, illness of the patient treated by him/her, treatments applied, laboratory results, test results, complaints are also processed by Egis.

 

During a regulatory inspection or partner audit, the authority or Egis’ partner also has access to the data.

Data retention period: 10 years after the expiry of the marketing authorisation of the product.

Receiving, evaluating, following up as necessary, storing and reporting, as necessary, any adverse events (hereinafter referred to as cosmetovigilance) of cosmetic products to national authorities and/or contractual partners.

Data provided by the data provider on a voluntary basis. Typically: name, age, gender, name of medicinal product used, illness, treatments applied, test results, complaints; if the data provider is not the patient, the name and contact details of that person as well as the name, contact details, age, gender, data concerning medicines taken, illness of the patient treated by him/her, treatments applied, laboratory results, test results, complaints are also processed by Egis.

 

During a regulatory inspection or partner audit, the authority or Egis’ partner also has access to the data. 

Data retention period: 10 years from the date when the last cosmetic product was put on the market.

Receiving, evaluating, following up as necessary, storing and reporting, as necessary, any medical device incidents (medical device vigilance) to national authorities and/or contractual partners.

Data provided by the data provider on a voluntary basis. Typically: name, age, gender, name of medicinal product used, illness, treatments applied, test results, complaints; if the data provider is not the patient, the name and contact details of that person as well as the name, contact details, age, gender, data concerning medicines taken, illness of the patient treated by him/her, treatments applied, laboratory results, test results, complaints are also processed by Egis.

 

During a regulatory inspection or partner audit, the authority or Egis’ partner also has access to the data.

Data retention period: 10 years after the last device was put on the market, 15 years for implantable devices.

Evaluating and storing vigilance trainings and training-related tests provided to Egis’ contractual partners and persons acting on behalf of its subsidiaries, receiving the notifications set out in points 1–3 hereof.

Scope of processed data: e-mail address, signed declarations (of having mastered the procedure complying with the training provided by Egis), test results.

During a regulatory inspection or partner audit, the authority or Egis’ partner also has access to the data.

Data retention period: 5 years after the end of the lifetime of the vigilance system.

Operating a scientific information service where anyone (especially physicians, patients) can inquire about Egis products.

Scope of processed data: data provided in the question or notification, particularly:

Name, contact details of the enquirer/declarant and his relationship with the patient.

3 years after the calendar year of the response.

Handling of messages received on the Egis Scientific Information Service’s answering machine.

Scope of processed data: the voice of the data subject, the information, questions, data shared by him, in particular his name, contact details, the name of the product used, the record of the notification.

The data subject may choose other forms of communication (e.g., send an e-mail to help@egis.hu or a letter to the registered office of Egis), or contact Egis by telephone during working hours (in this case, the answering machine is not activated and no recording is made).

Data retention period: The form completed on the vigilance notification will be retained for the retention period set out in the relevant section of this notice, while the audio recording will be deleted within 15 days after drawing up the form.

Data processing related to the involvement and participation in Egis sponsored market research related to the use of Egis products, the habits and attitudes of patients and doctors.

Scope of processed data: name, contact details (usually e-mail address, phone number), signed declaration (to participate in market research), data shared during the market research, information that can be linked to the data subject, possible health data, medical history, experience shared.

If the market research is conducted in the online space: in addition to the above, also photo and voice. In the case of recording, the content of the recording.

Data retention period: where a notification under points 1–3 is made, the data retention period set out in the relevant sections of this notice shall apply.

In the case of other documents: 5 years after the termination of the contractual relationship.

Monitoring, recording and, if necessary, follow-up of the notifications received on the websites and social media platforms operated and maintained by Egis (Facebook, Instagram, YouTube and LinkedIn) in accordance with points 1–3 hereof.

Egis will place a notice on the sites subject to monitoring, informing the data subjects how and where they can submit a notification.

Scope of processed data: provided personal data; typically: name (user name), email address, age, name of medicinal product used, illness, complaints; if the data provider is not the patient, the name and contact details of that person as well as the data provided by him/her are also processed by Egis.

 

Entries, comments and messages with vigilance content will be recorded by Egis in the form of print screen.

Data retention period: it shall be governed by the data retention period applicable to the product type stipulated herein.

More information: 

Data processing for the purposes of medical science – reception and investigation of adverse reactions/adverse events/incidents/special situations related to medicines, cosmetics, medical devices, operation of a scientific information service, involvement in market research, monitoring of websites and social media platforms operated by Egis

Last update: 12 May 2021

Operating the entry control system: recording the times and places of entering and leaving the Egis headquarters, sites, branch, including the individual buildings by means of registered entry cards.  In the event of a security problem that may arise (e.g. theft, burglary), Egis may inspect entries to offices and other premises. In addition, in the event of any emergency (e.g. fire alarm), Egis will also gather information through this on the actual location of persons who entered Egis’ territory. In the case of single entries (by means of a guest card - the guest card is validated for one day, at 18:00 that day the card authorization expires) Egis deletes the movement data 24 hours after the departure.  Egis keeps the data recorded upon entry for 1 month. In the case of regular card use, Egis deletes the movement data after 6 months or 24 hours after the card authorization expires. Egis deletes the data recorded upon entrance 8 years after the card deposit fee is refunded. 
Operation of a security camera system for the protection of property and for the protection of life and bodily integrity. Recordings made of the persons entering the Egis headquarters, sites, branch and staying in the areas indicated in the separate notice, the time of recording and the conclusions that can be drawn from the recordings. Data retention period: up to 30 days from the time of recording. 
Operating a drug technology camera system to ensure the protection of consumers’ life, bodily integrity and health.  Recordings made of the persons entering the Egis headquarters, sites, branch and staying in the areas indicated in the separate notice, the time of recording and the conclusions that can be drawn from the recordings. Data retention period: up to 180 days from the time of recording. 
Conducting breathalyser tests for the protection of property and for the protection of life and bodily integrity.  Relevant individuals: persons entering the Egis headquarters, sites, branch, witnesses involved in the test and persons carrying out the test. Scope of data: name, date of birth, signature of the person subject to a breathalyser test, findings of breathalyser test, and, if so requested by the person tested, blood test result, names, registration numbers and signatures of assisting witnesses, name and signature of person carrying out the test. Data retention period: 5 years. In the case of a test with negative result: 1 year. 
Baggage and cabinet inspection for the protection of property and for the protection of life and bodily integrity. 

Relevant individuals: persons entering the Egis headquarters, sites, branch, witness involved in the inspection and persons carrying out the inspection. Scope of data: the name, date of birth and signature of the person subject to the inspection, the findings of the inspection, the action taken based on the findings of the inspection, any comment(s) of the person concerned on the inspection and the action taken as a result, the name, registration number and signature of the assisting witness, the name of the inspector, his/her position, the name of the organizational unit in which he/she is employed and his/her signature, as well as the place and date of the minutes taken (including the conclusion therein). Data retention period (if not followed by any procedure): 5 years or in the event of a crime, until punishability lapses. In the case of an inspection with negative result: 1 year. 

Recording the data of van and truck drivers entering the Egis sites and branch for freight transport. 

Data of drivers entering the Egis headquarters, sites, branch employed by a company that carries out freight transport for Egis on the basis of an agreement.  Scope of data: name of the driver and the type and number of his/her identification document.

Data retention period: 1 year.

More information: Data processing for security purposes

Last update: 7 June 2022

Previous version: Data processing for security purposes: operation of entry control systems, camera systems, breathalyser test, baggage and cabinet control /01102019-06062022/

Sending promotional materials and newsletters by mail, phone, email or SMS.

For example: paper based direct marketing campaign, SMS based promotional campaign, email newsletter, marketing communication with visited physicians and key opinion leaders, other professionals, distribution of Egis publications (Bekopogtató, Lélekemelő), sending Egis VIP Pharmacy Newsletter. Scope of data processed: name, date of birth, mobile phone number, landline phone number, email address, workplace, position, address of the recipient. Editing of the newsletters and technical tasks and assistance related to their posting may be performed by Egis’ contractual partners as data processors.

Professional communication with decision-makers and decision promoters of authorities (in person, by phone, email). Name, mobile phone number, landline telephone number, email address, workplace, position of the decision-makers and decision promoters of authorities.
Providing support for the scientific training of physicians in order to participate in professional congresses. Name, stamp number, mother’s name upon birth, place and date of birth, address, telephone number, email address, name and address of workplace, position, education/qualification, language skills, professional corporate membership of the physicians receiving the support, the training centre of which he/she is a member. A report may be made on the data to the National Institute of Pharmacy and Nutrition (OGYÉI).
Managing speaker, article writing and Advisory Board agreements with private entrepreneurs. Phone number, email address of private entrepreneurs with speaker, article writing and Advisory Board agreements and other details included in speaker agreements (such as professional area of the individual). IT devices storing the agreements are operated by the following companies as data processors: SAP Hungary Kft., EasyCon Tanácsadó Kft., DXC Technology Enterprice Services Kft., Itelligence Hungary Informatikai Kft.
Giving notice of events to the National Institute of Pharmacy and Nutrition (OGYÉI). In order to meet transparency requirements imposed by law. For example: Egis organized event, CNS (Central Nervous System) club, hospital meeting (an event held in a hospital for physicians), roundtable (event at an external venue for physicians) - names of the participants of the event (HCPs, physicians). The data are uploaded to the website of the National Institute of Pharmacy and Nutrition (OGYÉI) at www.ogyei.gov.hu (preliminary report).
Verifying attendance of the event in order to meet transparency requirements imposed by law. Verification of the name, stamp number, workplace of the persons participating in the event (HCPs, physicians), the name of the event, the amount of the supports granted in connection with the event and the name of the sponsor of the event. Egis transfers the data to OGYÉI upon request.
Registration on a professional website (www.szakmai.nyugodtlelekkel.hu). Name, stamp number or registration number, email address of the person registering on the professional website. Data are collected and the website is developed by Square Lime Solutions Kft. (1037 Budapest, Mátyáshegyi köz 9.; office@squarelime.hu) as a data processor.
Keeping records of stakeholders. Stakeholder mapping (market access) - name, position, landline or mobile telephone number, email address of the points of contact at authorities (“stakeholder”).
Recommending centres and investigators for clinical trials to the Egis Medical Directorate. Name, position, landline and mobile telephone number, email address of investigators affected by recommendations.
In the case of products containing a biological active substance (biosimilar - i.e. replicas of medicinal products containing an authorized biological active substance), delivering educational materials to the patient’s medical specialist and its verification to OGYÉI. Name, signature of the specialist physician treating the patient (to whom the educational materials are handed over) and the name of his/her workplace. Egis transfers the data to the National Institute of Pharmacy and Nutrition (OGYÉI).
Registration of professionals (physicians) registered on www.egismed.hu and identification of their usage rights. Surname, first name, email address, occupation (healthcare professional, physician, pharmacist), stamp number/registration number, area of specialization (optional), gender, username, password. In relation to Accredited Continuing Education Tests: fact of successful examination, continuing education score. On the basis of the user rights, Egis can forward professional materials through the website and enable the completion of Accredited Continuing Education tests (medical education - organization and support of medical online (continuing) training). The technical tasks and assistance related to registration are carried out by Promenade Publishing House Kft. as a data processor. Egis sends notice of successful exams taken through the website to www.oftex.hu/www.gyoftex.hu. The detailed terms and conditions of data processing can be found in the Privacy Notice at www.egismed.hu.

In general Egis keeps the data until the individual withdraws consent, or failing this, for the time necessary to maintain contact. In respect of events, the data retention period is 1 year, in respect of contracts and biosimilar products, it is 5 years.

Some third parties may send newsletters to individuals for promotional purposes. Newsletters may include Egis content (e.g. professional articles, video interviews, congress reports, trial summaries, Egis products). However, the list of recipients of newsletters is compiled by a third party as an independent data controller who also sends out the newsletters. Egis has no control over this data processing, is not familiar with the personal data and the terms and conditions of data processing are governed by the privacy notice of that third party.

More information: Data processing for marketing purposes, data processing for professional and communications training, media appearances, events

Last update: 1 October 2019

 

Processing customer complaints (medicinal products and medical devices).

Data voluntarily given by the submitter of the complaint.

The submitter is usually a pharmacist, wholesaler, Egis subsidiary or representative office, or contractual partner, and rarely directly the patient.

In the course of submitting and handling the complaint, Egis may learn the name, address, telephone number, e-mail address and illness of the patient, the names of the medicines taken by the patient, information related to the patient’s health, treatments used, laboratory results, examination results as well as information related to the patient’s lifestyle.

If the submitter of the complaint is not the patient, in addition to the above data, Egis also processes the name and contact details of the person making the complaint.

Management of the claims pertaining to the products distributed by Egis (e.g. complaints, claims for damages) and processing and transferring the personal data and the related health data to the supplier of the given product, in order to inform such supplier of the relevant claim, and involve the supplier into the claim management, if necessary.

Personal data (the identification and contact data of the individuals).

Health data (medical documentation of the individual).

Personal data will be deleted after 1 year from the closure of the complaint, or until the end of the limitation period of the claims regarding the products distributed by Egis, or until the closing of the dispute resolution procedure regarding the claim.

Thereafter, Egis will only retain data in an anonymised form that cannot be connected with data subjects in relation to the complaint.

The related IT system (Catsweb) is operated by CNW Zrt.

More information: Processing of personal data related to customer and quality complaints

Last update: 1 October 2019

Egis processes the data of applicants for the vacancies it advertises, including the data of Applicants who apply for vacancies advertised on the career site at https://jobs.servier.com/egis/?locale=hu_HU for the following purposes.

Processing the personal data of Applicants for the purpose of filling the posts advertised by Egis (recruitment).

Data provided by Applicants in the Application, in particular: the name and contact details (address, telephone number, email address of applicants, and, as the case may be, the LinkedIn contact or their own professional websites), the content of the CV and motivation letter, profile photo attached to the CV, foreign language skills, information related to previous experience, place(s) of work, qualifications, skills and studies, preferred professional area, references and, where available, expected monthly salary, personal data given voluntarily, e.g. the place and date of birth, mother’s name upon birth, citizenship, any other document in addition to the CV and motivation letter.

 

Data retention period is 2 years from the last contact with the Applicant.  

Keeping CVs or other application related materials and competence test related materials of Applicants in order that Egis can contact the Applicant in the future with a job offer directly (e.g. when a vacancy arises later or another open position matches his/her professional background/profile).

Scope of data collected from the Applicant initially.

 

The data retention period is 2 years from the withdrawal of the Applicant’s consent or, in the absence of objection, from the last contact with the Applicant. 

 

In the case of job applications received on a platform other than the Career site, contacting the Applicant in order to inform him/her that Egis can accept the job application on the SERVIER MONDE Career site.

Out of the data provided by the Applicant, Egis only processes the contact information required for making contact (e.g. telephone number, e-mail address), which will be deleted after contacting. 

Assessing the professional competencies of the Applicant for the job applied for, after the review of the job applications – in accordance with the specifics of the job which is applied for.  

The questions raised on the online site/test/personal monitoring (in the course of a personal interview, assessment centre) strictly relate to the examination of the professional competencies that are absolutely necessary for filling the advertised job. A professional retained by Egis or employed by Egis carries out the test, by evaluating the answers given by the Applicant in the completed test forms/on the online site/in the course of personal monitoring. Partners take part in the assessment of the test. An updated list is available at any time from hr@egis.hu.

 

Data retention period: 2 years from the last contact with the Applicant. 

 

Processing the personal data provided by the Applicant with respect to the Referees designated by the Applicant and the information provided by the referees in relation to the applicant. 

 

The scope of data originally collected from the Applicant, the name, position and contact details of the Referee designated by the Applicant.

 

Information provided to Egis by the Referee(s) regarding the Applicant.

 

Data retention period: 2 years from the last contact with the Applicant. 

 

Processing the e-mail address provided by the (selected) Applicant who will be hired by Egis in his/her job application in order to inform the Applicant about the hiring procedure, further steps to be taken and how to prepare the necessary employment documents and notifications.  

E-mail address shared in the Application.

 

Data retention period: 2 years from the last contact with the Applicant. 

 

Within the Egis organization, the person carrying out the selection who is competent in the area where the job concerned was advertised, and competent staff of the Egis Human Resources and Communications Directorate, may have access to Applicants’ job applications and the personal data contained therein during the term of data processing. The career site is operated by SERVIER MONDE. Information about the data processing carried out on the career site can be found in the Privacy Policy available there.

More information: Processing of the personal data of applicants for vacancies advertised by Egis

Last update: 22 December 2022

Previous version: Processing of the personal data of applicants for vacancies advertised by Egis /04032021-22122022/

Processing the personal data of the principal investigator and sub-investigators required to conduct and authorize a clinical trial. Professional curriculum vitae of the coordinating principal investigator and sub-investigators and/or any other appropriate document certifying their qualification; a letter of intent from the principal investigator or coordinating principal investigator in which he/she undertakes to implement the trial plan known to him/her in accordance with its requirements and the terms of the resolution on its authorization if the trial is authorized. In addition, the data contained in the trial protocol - name and contact details of the principal investigator. Data retention period: 25 years after archiving the trial or 5 years after the product ceases to be marketed (whichever is longer). Professional curriculum vitae of the principal investigators and sub-investigators and/or any other appropriate document certifying their qualification are available to the authorities.
Verifying the patient monitoring data forms (that contain the anonymized trial data). The name, signature and - as the case may be - the stamp number of the principal investigator or sub-investigators on each patient’s data form. Data retention period: 25 years after archiving the trial or 5 years after the product ceases to be marketed (whichever is longer).
Monitoring clinical trials - on-site audit of trial documents. Health data and other personal data of the subjects (data subjects) undergoing the trial: name, signature of the data subject, his/her data necessary for contacting and identifying him/her, medical data required for conducting the trial, evaluating the safety of the trial and generating trial results. Data processing adjusts to the time required for the on-site audit of the documents.

More information: Data processing in relation to clinical trials

Last update: 1 October 2019

Obtaining official permit (National Institute of Pharmacy and Nutrition - OGYÉI) and ethics committee ruling (Health Scientific Council - Scientific Research Ethics Committee - ETT-TUKEB) necessary for the evaluation tests of the clinical performance of medical devices.

Relevant individuals:

Principal investigators, sub-investigators and coordinating investigator of trial sites.

Scope of data:

Professional curriculum vitae of the coordinating principal investigator and investigators of the trial sites and/or any other appropriate document certifying their qualification;

A letter of intent from the principal investigator or coordinating principal investigator in which he/she undertakes to implement the trial plan known to him/her in accordance with its requirements and the terms of the resolution on its authorization if the trial is authorised.

Data retention period: 25 years after archiving the trial or 5 years after the product ceases to be marketed (whichever is longer). 

Processing the personal data of the trial staff (principal investigator, sub-investigator, clinical trial coordinator, clinical trial nurse) required for the agreements entered into to conduct the trials to evaluate the clinical performance of medical devices.

Data included in the service agreement entered into with the trial staff (principal investigator, sub-investigator, clinical trial coordinator, clinical trial nurse) or the company represented by the individual for the performance of the investigator’s tasks of the evaluation test of the clinical performance of medical devices: name, address, tax number/tax identification number, registration number, bank account number of the investigator or, in the case of an agreement with a business, the contact details of the representative and the corporate and billing information of the business. 

Collecting electronic patient monitoring data forms (CRF, Case Report Form) containing pseudonymized trial data.

Pseudonymized health data of the subjects undergoing the trial (individuals) and other personal data related to the trial that is needed to conduct the trial and assess the safety of the trial and generate trial results (including without limitation demographic data, comorbidities, medications, laboratory results, adverse drug reactions).

Data retention period: 25 years after archiving the trial or 5 years after the product ceases to be marketed (whichever is longer).

Granting access to the program that processes electronic patient monitoring data forms in the case of a clinical trial for the evaluation of performance of medical devices requiring electronic data input.

Name and email address of the clinical trial physician or person authorized by the principal investigator.

Data retention period: 10 years.

Monitoring clinical trials of medical devices - on-site audit of trial documents. Health data and other personal data of the subjects (individuals) involved in the trial: name of the individual, his/her signature on the information leaflet and consent form, his/her data necessary for contacting and identifying him/her, medical data required for conducting the trial, evaluating the safety of the trial and generating trial results.
Preparing a clinical trial report on medical devices.

The health data of the subjects (individuals) involved in the trial and collected in the electronic patient monitoring data forms for the purpose of conducting the trial.

Data retention period: 25 years after archiving the trial or 5 years after the product ceases to be marketed (whichever is longer).

More information: Data processing related to tests of medical devices conducted for the evaluation of performance

Last update: 1 October 2019

 

Compiling a so-called “list of senior citizens” from employees retired from Egis so that Egis can inform the senior citizens on the list about events and programs organized by Egis, by sending out invitations by mail or by telephone (e.g. Club day, Christmas program, Senior citizens’ trip, etc.). Name, postal address or home address (city, post code, street/house number), mobile contact details, landline telephone number of the individual.
Using photos taken or videos made to record the events referred to in point 1 and consequently to preserve memories. Use of photos taken and videos made by Egis’ internal and external communications departments or agents (e.g. when attending events organized by Egis or its partners).
Sending newsletters on other events not mentioned in point 1 by post or email. Name, postal address or home address (city, post code, street/house number), email address of the individual.
Administering requests for support from Egis, responding to the relevant persons and evaluating support. Name, postal address or home address, mobile phone number, landline telephone number, email address, retirement voucher (containing name, address of the individual and amount of the pension paid to him/her) and the certificates required for applying for the support (e.g. pharmacy bills, medical findings, charge for the treatment, health data).
Administering applications related to the use of Egis resorts, responding to those concerned and examining applications. Name, date of birth, tax identification number, close relative status. In the application form the individual shall also indicate close relatives/outsiders applying with him/her, providing the data referred to above. In this regard, Egis assumes that the individual has duly informed the close relative/outsider of the data processing before providing his/her data to Egis.

More information: Data processing in respect of former employees retired from Egis

Last update: 1 October 2019

Data processing related to contractual partners and tenderers participating in a procurement process (communication, implementation of relevant contract, data processing related to persons involved in performance as well as students supplied by student job centres).

Processing data of contractual partners’ contact persons and persons involved in the performance of the contract for the purpose of fulfilling the contract (implementation on a daily level) and exercising rights related to the contract.

Name and contact details (e-mail, telephone number, mobile number, fax number) of contact persons of contractual partners and of persons involved in the performance, and communication containing any personal data related to the contract (e.g. communication received from the contact person or any natural person acting on behalf of the partner).

Data retention period: 5 years from the termination of the contractual relationship.

Processing data of contact persons of contractual partners and of persons involved in the performance for compliance purposes related to the contract or any other actions related to the fulfilment of the contract including finding judicial remedy necessary for ensuring contractual rights.

Name and contact details (e-mail, telephone number, mobile number, fax number) of contact persons of contractual partners and of persons involved in the performance, and communication containing any personal data related to the contract (e.g. communication received from the contact person or any natural person acting on behalf of the partner).

Data retention period: 5 years from the termination of the contractual relationship. 

Assessing the professional competence of colleagues intended to be involved or taking part in the performance of organisations which are providing service for Egis in the course of Egis’s procurements or of tendering organisations participating in the related procurement process as well as students supplied by student job centres.

Personal data disclosed by the data subject (e.g. name, information about qualifications, professional background, professional experience, any personal data given by the data subject in the CV or featured in the document verifying professional competence).

Data retention period: for non-winning tenders 5 years following the conclusion of tendering; for winning tenderers 5 years following the termination of the contractual relationship established with the chosen partner.

Inspecting the presence of persons involved in performance by external contractual partners providing service for Egis on Egis premises as well as students supplied by student job centres (and thus contractual performance) with the help of the data recorded by the registered passes provided by Egis.

Data of movements related to each registered pass (date, time and place of entry/exit) as well as the name of the person entering, the name of the department where this person is performing work on Egis premises and the name of the employer company.

Data retention period: 5 years from the termination of the contractual relationship.

Unless Act V of 2013 on the Civil Code (the ‘Civil Code’) provides otherwise, claims are subject to a period of limitation of 5 years. If Egis indicates the limitation period during which a claim is enforceable as the duration of data processing, an act that interrupts the limitation will extend the duration of processing until the new time limit of the limitation (Civil Code, Section 6:25(2)). If limitation is suspended, the claim shall remain enforceable within one year from the time when the reason for suspension is eliminated or, in respect of a period of limitation of one year or less, within three months even if the period of limitation has already lapsed or there is less than the above periods of time remaining therein (Civil Code, Section 6:24(2)).

In accordance with Act C of 2000 on Accounting (the ‘Accounting Act’), Egis is obliged to retain ‘accounting records’, for example those which comprise documents supporting accounting or which feature in documents related to concluding a contract between Egis and one of its contractual partners (e.g. a contract or order), in documents supporting accounting or in an issued invoice. The 8-year data retention period stipulated in the Accounting Act is to be calculated from the date when an accounting entry connected with the data arises in a given year or when the report/accounting is based on the given data in any way. In practice, when the data appear in a contract under which several orders are made (e.g. advice is provided on a number of occasions under a contract), the 8 years are to be calculated separately from the date of each performance because separate invoices are issued for each performance which are the basis of the given transactions. If, for example, the data appear in a contract which stipulates the sale of a thing (the thing is delivered and thus the contract is discharged by performance), the transaction will be accounted in the given year based on the contract and the invoice, and the aforementioned 8-year period starts from that date.

More information: Data processing related to contractual partners and tenderers

Last update: 1 October 2019

1.1 Data protection rights and judicial remedies

Data protection rights and judicial remedies of data subjects are included in the relevant Articles of the GDPR (in particular Articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79 and 82 of GDPR). The following summary contains the most relevant provisions and defines how Egis informs data subjects of their data protection rights and judicial remedies connected to data processing.

Egis shall provide information on actions taken on a request (under Articles 15 to 22 of GDPR) to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. Egis shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If Egis does not take action on the request of the data subject, Egis shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

The information requested by data subject shall be provided by Egis in writing, or where the data subject made the request by electronic means or where requested, the information shall be provided by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven to Egis.

1.2 Right of access

(1)           The data subject shall have the right to obtain from Egis confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, access to the personal data and the following information:

a)     the purposes of the processing;

b)    the categories of personal data concerned;

c)     the recipients or categories of recipients to whom the personal data have been or will be disclosed by Egis, in particular recipients in third countries or international organisations;

d)    where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e)     the right to request from Egis rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

f)     the right to lodge a complaint with a supervisory authority;

g)    where the personal data are not collected from the data subject, any available information as to their source; and

h)    automated decision-making, including profiling, referred to in Sections (1) and (4) of Article 22 of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

(2)           Where personal data are transferred to a third country, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

(3)           Egis shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, Egis may charge a reasonable fee based on administrative cost. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

1.3 Right to rectification

The data subject shall have the right to obtain from Egis without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

1.4 Right to erasure (“right to be forgotten”)

(1)           The data subject shall have the right to obtain from Egis the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

a)     the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by Egis;

b)    the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;

c)     the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

d)    the personal data have been unlawfully processed;

e)     the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Egis is subject; or

f)     the personal data have been collected in relation to the offer of information society services.

(2)           Where Egis has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, Egis, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform processors that are processing the personal data that the data subject has requested the erasure by such processors of any links to, or copy or replication of, those personal data.

(3)           Paragraphs 1 and 2 shall not apply to the extent that processing is necessary, including but not limited to the following:

a)     for exercising the right of freedom of expression and information;

b)    for compliance with a legal obligation which requires the processing of personal data by Union or Member State law to which Egis is subject;

c)     for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

d)    for the establishment, exercise or defence of legal claims.

1.5 Right to restriction of processing

(1)           The data subject shall have the right to obtain from Egis restriction of processing where one of the following applies:

a)     the accuracy of the personal data is contested by the data subject, for a period enabling Egis to verify the accuracy of the personal data;

b)    the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

c)     Egis no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or

d)    the data subject has objected to processing, for a period pending the verification whether the legitimate grounds of Egis override those of the data subject.

(2)           Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

(3)           A data subject who has obtained restriction of processing shall be informed by Egis before the restriction of processing is lifted.

1.6 Notification obligation regarding rectification or erasure of personal data or restriction of processing

Egis shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Egis shall inform the data subject about those recipients if the data subject requests it.

1.7 Right to data portability

(1)           The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to Egis, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Egis, where:

a)     the processing is carried out based on consent, or on a contract; and

b)    the processing is carried out by automated means.

(2)           In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another (from Egis to another controller), where technically feasible.

(3)           The exercise of the right referred to in paragraph 1 shall be without prejudice to the provisions of right to erasure (“right to be forgotten”) and the right shall not adversely affect the rights and freedoms of others.

1.8 Right to object

(1)           The data subject has the right to object, on grounds relating to his or her particular situation, at any time to legitimate processing of personal data concerning him or her, including profiling. In these cases, Egis shall no longer process the personal data unless Egis demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

(2)           Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

(3)           Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

(4)           In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

(5)           Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

1.9 Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes GDPR regulations. The supervisory authority in Hungary is the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, http://naih.hu/; address: 1055 Budapest, Falk Miksa utca 9-11; postal address: 1374 Budapest, Pf. 603.; phone: +3613911400; fax: +3613911410; email: ugyfelszolgalat@naih.hu).

1.10 Right to an effective judicial remedy against the supervisory authority

(1)           The data subject shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority.

(2)           The data subject shall have the right to an effective judicial remedy where the supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged.

(3)           Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority has its seat.

1.11           Right to an effective judicial remedy against Egis or the data processor

(1)           Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data in non-compliance with the GDPR.

(2)           Proceedings against Egis or the processor shall be brought before the courts of the Member State where Egis or the processor pursues its activities. Such proceedings may also be brought before the courts of the Member State of the data subject’s habitual residence.

(3)           For a detailed list of courts please visit: https://birosag.hu/ugyfelkapcsolati-portal/illetekessegkereso.

(4)           In Hungary, tribunals have jurisdiction in these kinds of proceedings. The dispute – pursuant to the choice of the individual – can be initiated in front of the tribunal based on the address or place of residence of the individual.

Last update: 5 October 2020

 1.1              IT support for data breaches and privacy records

Within this framework Egis regularly conducts self-revisions to check whether the operation of the company’s IT system and relevant company guidelines comply with the current legal regulations. Egis also tests its technological resistance (IT security revision) during the self-revision process. Egis regularly analyses the records (IT security asset inventory) of processed and stored data in its IT systems and the IT security threats to these data.

1.2              Authentication systems

Egis authenticates users and supervises the access rights of users of its IT systems. Egis utilises a central directory system and digital signatures (for authentication, signatures and encryption) to control user privileges. Egis also separates authorisation management (different persons are authorised to set privileges connected to specific systems/groups of systems); uses password management (minimum required password complexity, required and forced password changes); uses multiple factor authentication (use of various authentication components other than the username and password); and uses a public key infrastructure (PKI) for managing machine certificates. This procedure enables Egis to ensure that only recognised and registered computers are allowed to communicate within the company network.

1.3              Protection against malware

Egis operates a multi-layer, heterogeneous protection system based on various technologies and manufacturers on client and server computers, network devices and content filters for protection against common malware (bot, malware, spyware etc.). Furthermore, Egis uses sandboxing technology (applications run in a secure environment) against unknown (zero-day) and advanced persistent threats (APT) for contents downloaded from the internet and email attachments.

 1.4              Security event management

Egis records and stores the technical logs of systems and applications to reconstruct past events and to provide evidence for potential investigations related to data security, data protection or IT security events. Egis continuously monitors the status and statistics of IT security systems.

1.5              User support and training

Egis supports and enhances the IT and data security awareness of corporate users with the following methods: IT security awareness program with communication and training components, a dedicated section on the intranet, regular presentations and electronic training material.

1.6              Network security

Egis monitors and controls the networks with a multi-level stateful firewall mechanism. Egis continuously analyses and evaluates network traffic with automatic intrusion detection and intrusion prevention systems (IDS/IPS). Egis centrally monitors the wireless networks used at the company’s sites; consequently, wireless access is regulated and controlled. Furthermore, wireless data traffic is protected by a strong encryption procedure. In order to ensure a high level of security in communications and IT systems, the networks of Egis sites are connected by encrypted data channels (VPN).

1.7              Data processing by third parties

Egis regulates communication and information flow with its IT service providers and concludes a confidentiality agreement with service providers and partners.

1.8              Protection of mobile systems

Egis regularly assesses, analyses and evaluates IT security vulnerabilities and based on the outcome, takes the required actions. Egis regularly installs security upgrades on corporate computers and devices.

1.9              Vulnerability management

Egis regularly assesses, analyses and evaluates IT security vulnerabilities and based on the outcome, takes the required actions. Egis regularly installs security upgrades on corporate computers and devices.

1.10           Content filtering

1.10.1       Email filtering

Egis uses a multi-layer automated system based on various technologies to filter unwanted emails (spam), misleading emails (phishing) and emails containing malware and operates protection procedures to offer protection from special, protocol based (low-technology) threats. Where feasible, Egis strives to establish a reliable and secure email channel by using encryption procedures and technologies to identify senders.

1.10.2       Web content filtering

Egis – in line with the Privacy Policy and internal IT regulations – strictly monitors internet access and browsing activities. Egis uses an automated system to block access to unsafe sites and protection procedures to prevent special, protocol based (low-technology) threats.

Where feasible, Egis provides a secure browsing channel to authenticate internet resources for communication by using up-to-date technology and encryption procedures.

In order to offer protection from malware, content downloaded from the internet is controlled by automatic systems.

1.11           Endpoint (e.g. computers or other devices, servers) protection

Egis uses a firewall and intrusion detection and intrusion prevention systems (IDS/IPS) to protect the network connection of the endpoint devices. All suitable computers and other endpoint devices are protected by continuous on-access anti-malware protection as well as with regular security checks.

1.12           Data carrier protection    

Data carriers are registered by Egis and encryption procedures are applied upon their usage.

1.13           Protection of documents and data

Regarding the physical protection of data and electronic and paper documents, Egis has lockable server rooms and processes are regulated by an up-to-date document management regulation, which requires paper documents to be stored in locked cabinets which are only accessible to persons with the appropriate level of authorisation.

1.14           Egis IT Directorate activities

In relation to the above measures, the IT Directorate provides general IT services, in particular: registration of IT devices used for work; managing IT requests; fault localisation and technical support; IT system authentication; improvement, protection, development and testing of the IT system’s performance; reconstruction of IT issues; general communication with users of IT services, assistance via remote access, if required. It also includes preventive repairs and preventing and exploring data breaches, such as blocking content or servers sending malicious emails from the mailing system based on headers. The IT Directorate also performs technical support related to browsing, improves browsing performance and explores related incidents.

While performing the above activities, the IT Directorate has access to personal data only to the required extent, in order to meet the requirements of the GDPR.

 Last update: 1 October 2019

Contact details of Egis Pharmaceutical PLC's Data Protection Officer: adatvedelem@egis.hu

1.              GENERAL INFORMATION

Egis Gyógyszergyár Zártkörűen Működő Részvénytársaság (“Egis”) processes information in connection with its customers, clients, contact persons of its contracting partners, recipients of its marketing communications, visitors of its plant units and other facilities and other individuals (who are hereinafter referred to collectively as “individual(s)”) which information qualifies as “personal data” as defined in point 1 of Article 4 of the General Data Protection Regulation No 2016/679 of the EU (“GDPR”). This Privacy Notice (“Privacy Notice”) provides information regarding the processing of these personal data and the rights and remedies of the individuals related to data processing.

Contact details of Egis:  

Registered seat of Egis: 1106 Budapest, Keresztúri út 30-38. 

company registration number of Egis: Cg. 01-10-041762,

registered by the Court of Registration of the Metropolitan Court of Budapest 

telephone number of Egis: +36 1 803-5555

email address of Egis: mailbox@egis.hu, or in data privacy issues: adatvedelem@egis.hu.

website of Egis: hu.egis.health

2.              UPDATES AND AVAILABILITY

Egis reserves the right to modify this Privacy Notice unilaterally with effect subsequent to such modification, subject to the limitations provided for in the laws and with prior notice to individuals in due time, if necessary.  Egis may modify this Privacy Notice especially when it is required upon changes in the laws, the practice of the data protection authority, business needs or employees’ needs, any new activity involving personal data processing or any newly revealed security exposures.

3.              SPECIFIC DATA PROTECTION TERMS

In certain cases - for example in the course of the use of the websites operated by Egis or in connection with Egis’ security cameras - specific privacy-related terms and conditions may also be applicable of which the individuals who are affected by them will be duly notified, for example before they enter Egis’ premises, on the relevant website or in the consent given to data processing.

4.              SCOPE OF THE DATA AND THE PURPOSE OF THEIR PROCESSING

The table below describes the purposes, the legal basis of processing, the scope of the personal data processed, the duration of the processing and the scope of the persons authorized to have access to the data and the recipients of data transfers.  Where a purpose of processing is required for pursuing a legitimate interest of Egis or any third party, then Egis will make the balancing test of the underlying interests available upon a request submitted to one of the contact details of Egis above.  Egis expressly wishes to draw the attention of the individuals to their right of objection to the processing of their personal data due to a cause related to their own situation at any time where the processing is based on legitimate interest, including the case where the processing takes the form of profiling under the provisions referred to.  In this case Egis will no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the individual or for the establishment, exercise or defence of legal claims. Egis expressly draws individuals’ attention to the fact that if personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Last update: 1 October 2019
