Privacy Policy

Avansor Pharma Oy

Privacy statement
Registrar
Avansor Pharma Oy (hereinafter “Avansor” or “We”) acts as the registrar of your personal data.
Our contact information:

Avansor Pharma Oy (1835834-2)
Tekniikantie 14, 02150
Espoo
info@avansorpharma.fi

We respect your privacy and comply with applicable data protection legislation when collecting, storing and
processing personal data. In the following, we explain how we collect, store and process your personal
data, what your rights are and how you can apply them.
Collection of personal data, content, and purpose of use
Collection and content of personal data
Your personal data may end up being used by us e.g. from the following sources:
– when dealing with us in person or through your representative, by phone, mail or e-mail
– when you visit our homepage or mobile websites
The personal data we collect includes the following information:

Feedback via the homepage
– Name
– Company / organization
– E-mail address

Address books for direct marketing and newsletters

– Name
– Address or E-mail
– Workplace (if mailing is addressed to the workplace)

When registering for events we organize or participating in sweepstakes or competitions

– Name
– Address
– Phone number
– Workplace

The side effect reports we receive from you, your family or caregiver may include:

– Your name
– Your age
– Your gender

-Contact information (Phone number or E-mail address)
-Information about your health and medication you use

When we receive a report of an adverse reaction or feedback related to the quality of our product from the
end user of the product or his representative, we may have to contact the person making the report in
order to obtain more information for the purpose of fulfilling our legal obligations.

When you visit our homepage

– Ip-address
Purpose of use of personal data
We can use your personal data for the following procedures
– To fulfill our legal obligations
– For processing customer feedback
– For processing contracts, offers or applications
– For the development of web-, mobile- and social media applications
– For marketing or implementing marketing bans
– For organizing events

Legal grounds

Adverse effect report and product quality
Regarding feedback about adverse effects and quality of medicinal products sold and marketed by Avansor,
the legal basis for processing personal data is compliance with statutory obligations.

Customer feedback, web- and mobile applications, social media, direct marketing, newsletters,
opportunities and events
Avansor also collects personal data in connection to customer feedback and public events unrelated to side
effects and product quality, as well as through electronic media.
In the above situations the legal basis for collecting personal data isa legitimate interest as defined in the
Data Protection Act (see below), consent or both.

Legitimate interest

We have a legitimate interest in developing and expanding our product range and the services we offer
based on the feedback we receive. Marketing our products and distributing product information to
targeted customer groups is also our legitimate interest. However, we do not deliver marketing material or
newsletters without the consent of the target person. We also have a legitimate interest in improving the
operation of our online and mobile websites and to prevent possible abuse related to them.

Groups to which personal data is disclosed

Avansor discloses personal data to third parties in situations described below. In fulfilling our statutory
obligations related to adverse effect notifications. We hand over anonymized personal data to reliable
service providers whose activities are regulated by the contractual arrangements between Avansor and the
service providers and who are committed to complying with the provisions of data protection legislation.
Service providers may use anonymized personal data only to perform statutory tasks and may retain
anonymized personal data only as long as required by law and official regulations. Service providers can be
located in an EU country outside the country of residence of the target person or inthe UK. Avansor and its
service providers hand over side effect reports to the Eudravigilance database maintained by the EU
pharmaceutical authorities. If necessary, we also hand over personal data to courts and competent
authorities.

The right to inspect, correct, delete personal data and object to data
processing

The registered person has the right to check the correctness of the register information about him and to
demand the correction of any incorrect information. The correction request must be made in writing. If
necessary, we may verify the identity of the requester.

When the register data is based on our legitimate interests, the data subject can, for a justified reason,
demand that the data controller deletes the personal data concerning him (be forgotten). A request to this
effect must be submitted to us in writing. If necessary, we verify the identity of the requester. The deletion
of register data has no legal effect on the processing of register data in the period before the deletion of
register data.

If the register data is based on our legitimate interests, the data subject can, based on a special situation,
object to the processing of the data. The claim to this effect must be submitted in writing and the claim
must identify the specific situation on which the claim is based. You can request the deletion of the register
data we maintain for direct marketing at any time. You also have the right to revoke the consent you gave,
based on which your personal data was registered. If you want to take advantage of your rights explained
above, contact the registrar.

The right to file a complaint with the supervisory authority

If you believe that your data protection rights have been violated, you can file a complaint with the Data
Protection Commissioner. Contact information for the Office of the Data Protection Officer can be found at
www.tietosuoja.fi.

Personal data retention periods

We keep personal data only for as long as it is necessary to fulfill each purpose.

In order to comply with statutory obligations, we keep the personal data we collect for as long as the law
requires at any given time.

Security measures related to the processing of personal data

We do not disclose the personal data we collect within our organization to other than those persons for
whom it is necessary to perform the task for which the personal data was collected.
Physically recorded personal data is stored in locked facilities with electronic access control. Electronically
recorded personal data is protected by firewalls, anti-virus programs and spam filters.