Transparency Register

 1.

 Controller / Company

Orion Pharma (Ireland) Ltd.
C/o Allphar Services Ltd.
4045 Kingswood Road
Citywest Business Park
Dublin 24.
Tel:  + 353 1 468 7500

2.

The person in charge /contact person

Contact person: Paul Clinch
Orion Pharma (Ireland) Ltd.
C/o Allphar Services Ltd.
4045 Kingswood Road
Citywest Business Park
Dublin 24.
Tel:  + 353 1 468 7500
e-mail: Ireland.privacy@orionpharma.com

Contact details of the Data Protection Officer: Heidi Arala
email: privacy@orion.fi

 3.

Name of the data file

 Transparency Register

 4.

The purpose for processing the personal data / recipients (or categories of recipients) of personal data / the legal basis for processing the personal data

The purpose for processing the personal data in this data file is to enable the controller to meet the obligations of the IPHA Code of Practice for the Pharmaceutical Industry with regards to the requirements to document and publicly disclose certain transfers of value made directly or indirectly to healthcare professionals (HCPs) and other relevant decision makers (ORDMs).

We may share your information with third parties, such as those who assist us by performing technical operations such as data storage and hosting. If ownership or control of Orion Corporation or all or any part of our products, services or assets changes, we may disclose your personal data to any new owner, successor or assignee.

The controller will not disclose the collected data for commercial purposes to third parties. The controller may disclose the data to service providers selected by the controller for fulfilling the purposes of the register. Data is only disclosed if individuals consent to disclosure, if consent is declined data is disclosed as a non-identifiable aggregate figure.

The controller uses paper files and a database to compile a spreadsheet that is then uploaded to the Disclosure Ireland database at a defined time on an annual basis.

The legal basis for processing of the personal data is the legitimate interests of the public: need for greater transparency regarding the interactions between the pharmaceutical industry and the HCPs/ORDMs, and of the controller: compliance with industrial self-regulation.  (EU General Data Protection Regulation Article 6.1.f). We only process personal data based on our legitimate interests, in case we have deemed, based on the balancing of interest test, that the rights and interests of the data subject will not override our legitimate interest.

 5.

Content of the data file

The data file contains details of healthcare professionals and other relevant decision makers who have received a payment of transfer of value as defined by the IPHA Code of Practice for the Pharmaceutical Industry.

The data file contains the following groups of data:  name, telephone number, work mailing address, e-mail address, amount of transfers of value to the individual.

 6.

Source of information

Data is collected by the controller from the data subject and from payment data the data collected by Senior accountant.

Retention period of the personal data

The information remains publicly available during a period of three years calculated from the date on which the information was first published. The controller is, however, obligated to store the information regarding transfers of value for at least five years after the end of each reporting period.  In addition, the controller stores the information for as long as is necessary in order for the controller to satisfy legal or contractual obligations, or in order to establish, exercise or defend legal claims. When the personal data are no longer necessary for these purposes, the personal data will be securely deleted.  

 8.

The principles how the data file is secured

A. Manual data file
The manual data shall be stored in an area with restricted access, available only for the authorised persons.

B. Electronic information
The data file is located on the Orion Pharma server in a controlled environment.  The information is accessible only by such company employees who need the information based on their role. Only an authorized user of the data file can create new users and maintain user information.  Technical maintenance of the Orion Server is provided by Fujitsu.

 9.

Right of access and realization of the right of access

The data subject shall have the right of access, after having supplied sufficient search criteria, to the data on himself/herself in the personal data file, or to a notice that the file contains no such data. The controller shall at the same time provide the data subject with information of the sources of data in the file, on the uses for the data in the file and the destinations of disclosed data.

The data subject who wishes to have access to the data on himself/herself, as referred to above, shall make a request to this effect to the person in charge at controller by a personally signed or otherwise comparably verified document and by verifying his or her identity by attaching a copy of an official identification document.

10. 

Right to object to processing

In case the legal basis for processing the personal data is the legitimate interests of the controller, the data subject has the right to object to processing on grounds relating to his or her particular situation. 

In case the data subject wishes to use its above-mentioned right, he or she shall make a request to this effect to the person in charge at the data controller by a personally signed or otherwise comparably verified document in writing to the representative of the data controller named under section 2. hereinabove. 

 11.

Rectification, restriction of processing and erasure

he data subject may notify Orion Pharma (Ireland) Ltd of changes in his/her data at the internet address: Ireland.privacy@orionpharma.com

A controller shall, on its own initiative or at the request of the data subject, without undue delay rectify, erase or supplement personal data contained in its personal data file if it is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing. The controller shall also prevent the dissemination of such data, if this could compromise the protection of the privacy of the data subject or his/her rights.

The data subject shall have the right to obtain from the controller restriction of processing, in case the data subject has contested the accuracy of the processed personal data, if the data subject has claimed that the processing is unlawful and the data subject has opposed the erasure of the personal data and has requested the restriction of their use instead; if the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or if the data subject has objected to processing pursuant to the EU General Data Protection Regulation pending the verification whether the legitimate grounds of the controller override those of the data subject.  Where processing has been restricted based on the above grounds, the data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.

If the controller refuses the request of the data subject of the rectification of an error, a written certificate to this effect shall be issued. The certificate shall also mention the reasons for the refusal. In this event, the data subject may bring the matter to the attention of the Data Protection Ombudsman.

The controller shall undertake reasonable measures to notify the erasure to the controllers to whom the data has been disclosed and who are processing the data. The controller shall notify the rectification to the recipients to whom the data have been disclosed and to the source of the erroneous personal data. However, there is no duty of notification if this is impossible or unreasonably difficult.

Requests for rectification shall be made by contacting the representative of the controller named under section 2. hereof.