Privacy
Pursuant to Article 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such (in English "GDPR"), any time personal data are processed (e.g. surname, first name, photo, email address, IP address, etc.), the user must be informed thereof.
The privacy policy contains the mandatory information relating to the protection of your users' personal data. It is thanks to this document that you will be able to supervise, in complete security, the processing of your users’ personal data.
This document is adaptable, and it should be tailored according to your Website (Website showcase/informational site or e-commerce site) and your processing activities.
It is broken down into two separate and related parts – the first linking to the second. The first part (Appendix 1) is a simplified version of the "privacy policy" in the form of questions and answers, and the second (Appendix 2) is a detailed version.
We make it a matter of pride to respect the privacy of our users and to treat their personal data in the strictest confidentiality and in accordance with the legislation in force.
The privacy policy is intended to inform you, in a transparent manner, about the data we collect, the purpose for collecting it, the way we use, how long we store it, it and the rights you have regarding the processing of such data.
On this page, we provide you with a simplified version of our privacy policy in the form of questions and answers. We invite you to also read the detailed version available here.
We draw your attention to the need to read this privacy policy carefully. If you have any other questions, do not hesitate to contact us at the following address: privacy@girp.eu or by calling +32 2 777 99 77
1.WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?
GIRP is the controller of your personal data.
Here is our complete contact information:
Rue de la Loi 26, 10th floor, box 14
B - 1040 Brussels
Belgium
Belgian business registry (BCE) number: 0464.770.352.
privacy@girp.eu
2. WHAT DATA DO WE COLLECT?
We collect your data - personal or otherwise - for various reasons which are defined in the following point (see point 3). It includes the following data:
-your identifying information (surname, first name, e-mail address, telephone number, postal address, date of birth and country);
-our communications (by email or other);
-the type of domain with which you connect to the Internet;
-the IP address assigned to you;
-the date and time of your access to our Website;
-location data or other data relating to the communication;
-the pages you viewed on our Website;
-the type of browser, platform and/or operating system you are using;
-the search engine and the keywords used to find the Website;
-the operating system you use to view our App;
-If applicable: Date of your participation at an event in Europe;
-any other data that you would communicate to us.
3. WHY DO WE COLLECT YOUR DATA?
We collect your data mainly to respond to your inquiry about GIRP. GIRP formulates, ensures, promotes and defends opinions and measures relative to the scope of its activities at national, European and international level, provides and exchanges data on scientific research, information and services related to the activities of its members, to enable you to register and participate to one of our events, provide you with information regarding GIRP and, more generally, to develop our business and build a better understanding of what our users’ needs are in the field of medicine distribution. Finally, your data also allow us to improve and facilitate your navigation on our Website. The legal bases for processing your data are listed in the full version of the Privacy Policy.
4. HOW DO WE COLLECT YOUR DATA?
Most of your data is communicated to us by your active intervention. Other data, such as the date and time of your access to our Website, the pages you have viewed, or your location data, are collected automatically through servers consulted and "cookies" placed on our Website. For more information on what a cookie is, how it is used and the exact data it collects, visit our page concerning our cookie policy.
5. IS/ARE YOUR DATA PROTECTED?
We take pride in respecting the privacy of our users. We maintain a strict privacy policy and take all appropriate measures to ensure that our servers prevent, to the extent possible, any unauthorized leak, destruction, loss, disclosure, use, access or modification of your data.
6. HOW LONG DO WE STORE YOUR DATA?
We keep your data for the time necessary to accomplish the objectives pursued (see point 3). Once this goal is achieved, we delete them or anonymize them.
7. WHAT ARE YOUR RIGHTS AND HOW CAN THEY BE EXERCISED?
You may, at any time, request to verify, access, rectify, delete, transfer and object to the use of your data, as well as request the limitation of such use of your data. To do so, simply send us an email at the following address: privacy@girp.eu. We will then make every effort to take the necessary action as soon as possible.
8. WHO HAS ACCESS TO YOUR DATA AND TO WHOM ARE THEY COMMUNICATED?
Our employees and GIRP members (if you have given your consent) have access to your data only to the extent necessary for fulfilling the objectives pursued (see point 3). Each of them is subject to a strict obligation of confidentiality. The categories of recipients are listed in the full version of the Privacy Policy.
9. DO WE TRANSFER YOUR DATA ABROAD?
We only transfer your data to a non-EU country if it provides a level of protection equivalent to what you can find in your country of residence (for more information, please check: https://goo.gl/1eWt1V).
When sharing information outside GIRP and with your direct permission (e.g. consulate, embassy, third-parties in professional services), we ensure that your data is protected as far as reasonably possible.
10. HOW TO RECEIVE INFORMATION ON US ?
We only use your email address to send you information about GIRP and our activities.
Based on our legitimate interest based on our existing relationship, we will subscribe you to our newsletter and provide you with information that may interest you. You can unsubscribe from these communications at any time by sending an email to the following address: privacy@girp.eu
11. WHAT IS OUR POLICY ON DATA CONCERNING MINORS?
Our Website are not targeted to children under the age of 18. If you learn that your minor child has provided us with their personal data without your consent, contact us at the following address: privacy@girp.eu
12. WHAT HAPPENS IN THE EVENT OF A CHANGE TO THE PRIVACY POLICY?
If we had to make any changes to this privacy policy, you would be notified through our Website.
13. WHAT TO DO IN THE EVENT OF A DISPUTE?
Lengthy trials do not benefit anyone. In the event of a dispute between us, we commit to give priority to dialogue and openness in search of an amicable solution. You can also contact the Data Protection Authority.
1. GENERAL WARNING
1.1 European Healthcare Distribution Association / Groupement International de la Répartition Pharmaceutique (hereinafter, « GIRP ») respects the privacy of its users (hereinafter, the "Users").
1.2 GIRP processes the personal data transmitted to it in accordance with the legislation in force, and, in particular, Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, applicable from 25 May 2018 (hereinafter the "General Data Protection Regulation").
1.3 Access to the website http://girp.eu/ (hereinafter, the “Website”) implies the User’s full understanding of this Privacy Policy (hereinafter the “Policy”) as well as the acceptance of the cookie policy (hereinafter, the “Cookie Policy”) and the general terms of use (hereinafter the “Terms”)..
1.4 The User acknowledges having read the information below regarding GIRP process, in accordance with the provisions of the Policy, of the personal data that he/she communicates on GIRP on its Website (hereinafter, the "Service").
1.5 The Policy is valid for all pages hosted on the Website and for the registrations of this Website, as well as all company pages managed by GIRP on social networks, who is jointly responsible with the social network for the processing of data of visitors to the page. It is not valid for the pages hosted by third parties to which GIRP may refer and whose privacy policies may differ. GIRP cannot therefore be held responsible for any data processed on these Websites or by them.
2. DATA CONTROLLER AND DATA PROTECTION OFFICER
2.1 Simply visiting the Website shall take place without requiring you to manually provide any personal data, such as first name, surname, postal address, e-mail address, etc.
2.2 As part of the Service, the User may be required to provide certain personal data. In this case, the data controller is:
GIRP
Rue de la Loi 26, 10th floor, box 14
B - 1040 Brussels
Belgium
Belgian business registry (BCE) number: 0464.770.352.
privacy@girp.eu
2.3 Any question regarding the processing of this data may be sent to the following address: privacy@girp.eu
3. DATA COLLECTED
3.1 By using the Website, the User understands that GIRP records and stores, for the purposes mentioned in point 4, the following information:
-your identifying information (surname, first name, e-mail address, telephone number, postal address, date of birth and country);
-our communications (by email or other);
-If applicable: date of your participation at an even.
3.2 The User also acknowledges that GIRP records and stores the following data for the purposes mentioned in point 4:
-information voluntarily provided by the User for a purpose specified in the Policy, the Terms, the Cookie Policy, on the Website or on any other instrument of communication used by GIRP
-additional information requested by GIRP to the User in order to identify him or to prevent him from violating any of the provisions of the Policy.
3.3 In order to facilitate browsing the Website as well as to optimize technical management, the Website may use "cookies". These "cookies" record, in particular:
-the User's browsing preferences;
-the date and time of access to the Website and other data related to traffic;
-the pages visited.
All information relating to "cookies" is included in GIRP's Cookie Policy.
3.4 When the User accesses the Website, the servers consulted automatically record certain data, such as:
-the type of domain with which the User connects to the Internet;
-the IP address assigned to the User (when connected);
-the date and time of access to the Website and other data related to traffic;
-location data or other data relating to the communication;
-operating system used to access our App;
-the pages visited;
-the type of browser used;
-the platform and/or operating system used;
-the search engine as well as the keywords used to find the Website.
3.5 No nominative data directly identifying the User is collected through the cookies and servers consulted. This information is kept for statistical purposes only and to improve the Website.
4. PURPOSES OF PROCESSING THE DATA
4.1 We process your data for various purposes. For each purpose, only the data relevant to the pursuit of the purpose in question are processed. The processing consists of any operation (manual or automated) on a personal data. GIRP collects, stores and uses its Users’ data for the following purposes, in particular:
-to establish, carry out and conduct the relationship with the User;
-to analyse, adapt and improve the content of the Website;
-to provide the information regarding GIRP;
-to respond to the User’s inquiry about GIRP;
-to develop our business and build a better understanding of what our Users’ needs in the field of medicine distribution;
-formulates, ensures, promotes and defends opinions and measures relative to the scope of GIRP activities at national, European and international level;
-provides and exchanges data on scientific research, information and services related to the activities of its members;
-establish statistics regarding medicine distribution;
-to enable you to register and participate to one of our events;
-to allow the User to receive messages;
-to facilitate the availability and use of the Website;
-to personalize the User's experience on the Website;
-to respond to requests for information;
-for any communication activities and promotions of GIRP’s activities to Users who have given their consent;
-to inform them about any changes on the Website and its features;
-for any other purpose to which the User has expressly consented.
4.2 The legal basis of the processing of your personal data is based on:
- ☒your consent;
- ☒the execution of any request from you;
We do need to collect some of your data to answer any request from you. If you choose not to share this data with us, it may render the performance of the contract impossible.
- ☐ a legal obligation imposed on the controller;
We do need to collect and store some of your data to meet various legal requirements, including tax and accounting.
- ☐ the protection of vital interests;
- ☐ for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
- ☒ our legitimate interest, provided that it is in accordance with your interests, freedoms and fundamental rights.
We have a legitimate interest in providing you with this information and interacting with you, especially to respond to your requests or improve our services, prevent abuse and fraud, control the regularity of our operations, exercise, defend and preserve our rights, for example in litigation, as well as evidence of a possible violation of our rights, manage and improve our relations with you, continually improve our Website and our products/services, unless such interests are supplanted by your interests or your fundamental rights and freedoms requiring the protection of your personal data. We take care in any GIRP to maintain a proportionate balance between our legitimate interest and respect for your privacy.
If the legal basis of our treatment is your consent, you have the right to withdraw it at any time without prejudice to the lawfulness of the processing performed prior to withdrawal.
When you receive information in the context of direct communications, this means that you can unsubscribe at any time from newsletters and other commercial communications from us (e.g. invitations to GIRP events). You will be put in "opt-out". You can unsubscribe by sending us an email at the following address: privacy@girp.eu. Please note that it may take up to 5 working days to process your opt out request.
5. RIGHTS OF THE DATA SUBJECT
5.1 According to the regulations on the processing of personal data, the User has the following rights:
• Right to be informed about the purposes of the processing (see above) and the identity of the data controller.
• Right of access: the User may at any time have access to the data that GIRP has on him or check if it is included in the database of GIRP.
• Right to rectification: we take all reasonable steps to ensure that the data we hold is up to date. We encourage you from time to time to access your account (if applicable) or to consult us to check that your data is up to date. If you find that your data is inaccurate or incomplete, you have the right to ask us to correct it.
• Right to object: the User may, at any time, object to the use of his data by GIRP and by other GIRP State members .
• Right to erasure: the user may, at any time request the deletion of his personal data, except those which GIRP has a legal obligation to keep on record.
• Right of limitation of processing: the User may, in particular, obtain a limitation of processing when he has objected to the processing, when he disputes the accuracy of the data, or when he considers that the processing is illegal.
• Right of portability: The User has the right to receive the personal data that he has communicated to GIRP and may also ask said company to send this data to another data controller.
5.2 In order to exercise his rights, the User sends a written request, accompanied by a copy of his
identity card or his passport, to the data controller:
- by e-mail: privacy@girp.eu
5.3 GIRP will then take the necessary steps to satisfy this request as soon as possible and in any GIRP within one month of receipt of the application. If necessary, this period can be extended by two months, given the complexity and the number of requests.
6. PERIOD OF STORAGE
6.1 GIRP will keep the personal data of its Users for the duration necessary to achieve the objectives pursued (see point 4).
6.2 GIRP may also continue to keep personal data concerning the User, including all correspondence or request for assistance sent to GIRP in order to be in a position to reply to all questions or complaints that may be sent to it or after an event organized by GIRP, and in order to comply with all applicable laws, namely in tax matters or as part of other legal requirements. Once this goal is achieved, we either delete or anonymize.
7. COMPLAINT WITH THE SUPERVISORY AUTHORITY
7.1 The User is informed that he has the right to lodge a complaint with the Data Protection Authority:
Data Protection Authority
Rue de la Presse 35, 1000 Brussels
Tel: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
contact@apd-gba.be
8.SECURITY
8.1 In addition, GIRP has taken the appropriate organizational and technical measures to ensure a level of security adapted to the risk and that, to the extent possible, the servers hosting the personal data processed prevent:
-unauthorized access to or modification of this data;
-improper use or disclosure of such data;
-unlawful destruction or accidental loss of such data.
8.2 In this respect, employees of GIRP and GIRP members who have access to this data are subject to a strict confidentiality obligation. Nevertheless, GIRP may in no way be held liable in the event that this data is stolen or hijacked by a third party despite the security measures adopted.
8.3 Users undertake not to commit acts that may be contrary to this Policy, the Terms, the Cookie Policy or, in general, the law. Violations of confidentiality, integrity and availability of information systems and data which are stored, processed or transmitted by these systems, or the attempt to commit one of these violations, shall be punishable by imprisonment of between three months and five years and a fine of between twenty-six euros and two hundred thousand euros, or one of these penalties only.
9. COMMUNICATION TO THIRD PARTIES
9.1 GIRP treats personal data as confidential information. It will not communicate them to third parties under any condition other than those specified in the Policy, such as to achieve the objectives set out and defined in point 4, or under the conditions in which the law requires it to do so.
9.2. Upon your approval and if deemed necessary, we share your personal information with GIRP members (you have the choice identify which states), all of which provide the same high level of security and protection. When sharing information outside GIRP and with your direct permission (e.g. consulate, embassy, 3rd parties in professional services), we make sure that your information is protected as far as reasonably possible.
9.3 GIRP may communicate its Users’ personal information to third parties to the extent that such information is necessary for the to provide its Users with the Website or answer Users requests. In such GIRP, these third parties will not communicate this information to other third parties, except in one of the two following situations:
-the communication of this information by such third parties to their suppliers or subcontractors to the extent necessary for the performance of the contract;
-where such third parties are obliged by the regulations in force to communicate certain information or documents to the competent authorities in the field of combating money laundering, as well as, in general, to any competent public authority.
9.4 The communication of this information to the aforementioned persons shall, in all circumstances, be limited to what is strictly necessary or required by the applicable regulations.
9.5 We do not sell any data
10. TRANSFER TO A COUNTRY OUTSIDE OF THE EUROPEAN ECONOMIC AREA
10.1 GIRP transfers data to a country outside the European Economic Area only when that country ensures an adequate level of protection within the meaning of the legislation in force and, in particular, within the meaning of the General Data Protection Regulation (for more information on the countries offering an adequate level of protection, see: https://goo.gl/1eWt1V), or within the limits permitted by the legislation in force, for example by ensuring the protection of data by appropriate contractual provisions.
10.2 The information processed by GIRP will be transferred or transmitted, or stored and processed, to our members in the EU, EEA, EFTA countries, the United States and Canada. These data transfers are based on our legitimate interest to share our list of members within the organisation. We use standard contractual clauses approved by the European Commission and we rely on the European Commission's adequacy decisions concerning certain countries, where appropriate, for data transfers from the European Economic Area. If you have any questions in this regard, do not hesitate to contact us at the following address: privacy@girp.eu
11. DIRECT COMMUNICATION
11.1 We only use your email address to send you information about GIRP and our activities.
11.2 Based on our legitimate interest based on our existing relationship, we will subscribe you to our newsletter and provide you with information that may interest you. You can unsubscribe from these communications at any time by sending an email to the following address: privacy@girp.eu
12. NOTE CONCERNING MINORS
Persons under the age of 18 and persons who do not have full legal capacity are not allowed to use the Website. GIRP asks them not to provide their personal data. Any infringement found in this provision must be reported without delay to the following address privacy@girp.eu
13. UPDATES AND CHANGES TO THE POLICY
By informing Users through the Website or email, GIRP may modify and adapt the Policy, in particular to comply with any new legislation and/or regulations applicable (such as the General Data Protection Regulation), the recommendations of the Belgian Data Protection Authority, the guidelines, recommendations and best practices of the European Data Protection Board and the decisions of the courts and tribunals on this issue.
14. VALIDITY OF THE CONTRACTUAL CLAUSES
14.1 Failure by GIRP to invoke - at any given time - a provision of this Policy, may not be interpreted as a waiver to subsequently make use of its rights under the said provision.
14.2 The invalidity, expiration or the unenforceable nature of all or part of one of the above or below mentioned provisions shall not give rise to the invalidity of all the Policy. Any fully or partially invalid, lapsed or unenforceable provision shall be deemed not to have been written. GIRP undertakes to substitute this provision with another which, to the extent possible, fulfils the same objective.
15. APPLICABLE LAW AND COMPETENT COURT
15.1 The validity, interpretation and/or implementation of the Policy are subject to Belgian law, to the extent permitted by the provisions of applicable private international law.
15.2 In the event of a dispute relating to the validity, interpretation or implementation of the Policy, the courts and tribunals of Brussels have exclusive jurisdiction, to the extent permitted by the provisions of applicable private international law.
15.3 Before taking any step towards the judicial resolution of a dispute, the User and GIRP undertake to attempt to resolve it amicably. To this end, they shall first contact each other before resorting, where appropriate, to mediation, arbitration, or any other alternative method of dispute resolution.