Who are we?
Gemarmed srl and its affiliates (from this point forward referred to as “Gemarmed”, “we”, “our”, “us”) is an independent Regulatory Affairs and Quality Assurance Consultancy agency and for that may handle clients data and conducts surveys on behalf of medical technology and pharmaceutical companies (our clients). These data can be provided thought face to face meetings, over the telephone or online.
Gemarmed’s head office is in Medolla (Mo) at the address provided below:
Via G. Puccini, 1
I-41036 Medolla (Mo) – ITALY
What information do we collect?
We collect your contact information such as full name, e-mail address and / or telephone number when you e-mail or call us with a question or concern, or when you contact us via our website.
Gemarmed uses a network of trusted fieldwork agencies to provide our consultancies for the clients. Someone from one of these agencies will contact you to see if you are willing and eligible to take part in the survey. With your explicit consent, the fieldwork agency may share with us personal information that is necessary for us to conduct our survey. For example, the fieldwork agency may share your name and telephone number with us so that we can call you directly and conduct a telephone interview.
Occasionally, our clients may pass on personal information that they have lawfully collected and for which they have the necessary consent for use by a third party for market research purposes. This information will be used by us or one of our fieldwork partners to contact you to see if you are willing to participate in a market research survey or an advisory board. The information provided may include your full name, specialty, hospital or practice name, e-mail address, telephone number and / or postal address.
We may also collect your details from publicly available sources (e.g. healthcare websites / groups, LinkedIn, etc.) or purchase lists from suppliers operating within data protection regulations.
When we conduct the market research, and only with your explicit consent, we may collect additional personal information, for example in the form of an audio or video recording of the interview.
When we conduct market research among consumers or patients and only with your explicit consent, we may collect special category (sensitive) personal data related to your health in order to meet the survey objectives.
How do we use your personal information?
The personal information that we collect or receive may be used for the following purposes:
Dealing with enquiries and requests submitted to us via mail, e-mail, phone or our website.
Conducting a market research survey for which we or our partner fieldwork agency have obtained your explicit consent. Prior to collecting information from you, we provide you with full details of the purpose and nature of the project and what will happen to the information we collect. The information that you provide will remain confidential and will be analysed and combined with data provided by other respondents for reporting purposes. No information that could identify you is passed on to the commissioning client, unless you have given your explicit consent for us to do so.
What legal basis do we have for processing your personal data?
Our legal basis for processing your personal information is consent.
Our legal basis for processing any special category personal information is explicit consent.
Participating in a market research survey is entirely voluntary and you have the right to manage and withdraw your consent to participate at any time. Should you wish to amend or withdraw your consent, please contact:
· Either the fieldwork agency that recruited you to the survey
· Or Gemarmed using the contact details provided in the How to contact us? section of this policy.
When do we share personal data?
Your personal data will be treated in a confidential manner at all times. In some instances, we may need to share your personal information with third parties that provide research services (e.g. moderators, analysts, transcribers, translators, etc.) to support the research project. These third parties are contractually obliged to adhere to the same privacy protection regulations as Gemarmed.
With your explicit consent, we may share the audio and/or video recording of your interview with the commissioning client company. Prior to obtaining consent, we will provide you with information on the teams within the client company, that will listen to / view the recording and for what purpose. We will not share your name or contact details with the client company. The client company will use the recording only for the specified purpose for which you have given consent.
We are required by commissioning client companies and regulatory bodies to pass on details of adverse events / product complaints relating to any of the client’s products mentioned during the course of market research interviews. This is solely for the purpose of meeting the client’s drug / product safety obligations to the regulatory authorities. If an adverse event or product complaint is mentioned, you will be asked at the end of the interview if you consent to us sharing your contact details with the client’s pharmacovigilance department so that they can follow up with you if required. If you do not consent to us sharing your contact details for this purpose, we will simply report the adverse event / product complaint anonymously. Please be aware that the processing of the adverse event / product complaint data may take place outside the European Economic Area (EEA) or the country where the interview took place.
Where do we store and process personal data?
We generally store and process your information within Italy.
If we need to transfer your personal data outside Italy to a country that is deemed not to have an adequate level of data protection, we do so using a variety of legal mechanisms, including Standard Contractual Clauses, to help ensure your data privacy rights and protection.
How do we secure personal data?
Gemarmed has put in place physical and technical safeguards to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration or destruction.
Personal data stored electronically is stored on a secure network with anti-virus protection. Access to our electronic data files requires user authentication via password or similar means. We also use secure encryption technology to protect electronic devices and your personal data whilst at rest and during any transmission to third parties.
We limit access to any physical records containing your personal data to members of staff whom we reasonably believe need that information to provide our services to our clients.
We train our staff on data protection and information governance, and the need to adhere to the relevant policies and procedures.
We manage data protection with third party suppliers through the use of contracts and security reviews.
We should, however, point out that no safeguards guarantee 100% data security at all times.
For how long do we keep your personal data?
We keep your personal data for up to 10 years in accordance with legal obligations, client contractual terms and industry guidelines. This applies to all survey and associated materials including screener data, questionnaires, audio and video files, adverse event reports, etc. When your information is no longer required or is no longer relevant, we will dispose of it in a secure manner.
Your rights in relation to personal data
Gemarmed respects your right to access and control your personal data as follows:
The right to access your personal information You have the right to obtain confirmation that your personal information is being processed and to request a copy of the personal information we hold.
The right to correct and update your personal information
The accuracy of your personal information is important to us. You can request that we correct any inaccurate or incomplete personal information which we may hold about you at any time.
The right to request to have your personal information deleted
You have the right to request that your personal information be deleted. Such requests will be reviewed on a case-by-case basis.
The right to change / withdraw your consent
You have the right to change or withdraw your consent at any time without affecting the lawfulness of our processing based on such consent before it was changed / withdrawn.
The right to data portability
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine readable format so that you can store it or move it elsewhere. You also have the right to request that we transmit this data directly to another data controller providing it is technically feasible.
The right to restrict processing of your personal data and to object to your personal data being processed for a specific purpose
You may object at any time to your data being processed for a specific purpose and may restrict processing of your personal data, for example while an objection from you is being resolved.
The right to lodge a complaint with your local supervisory authority
If you are concerned about the way we are collecting or using your personal information, or if we fail to respond to your request or to adequately explain why we have been unable to do so, you have the right to make a complaint to your local supervisory authority responsible for data protection matters.
· European countries: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Please be aware that there may be circumstances where your rights with regards to your personal information may be limited, for example if fulfilling your request would expose the personal data of another person or if you ask us to delete personal data that we are required to keep by law.
A cookie is a tiny text file stored on your computer. Cookies store information that is used to help make websites work. You can control your cookies at the browser level.
How to contact us?
If you have any questions or concerns about our privacy practices or the personal information that we hold about you or if you wish to make a complaint, please feel free to contact:
Data Protection Officers
Via G. Puccini, 1
I-41036 Medolla (Mo) – ITALY
Tel: +39 (0)535 52161