Privacy Policy

Introduction

The purpose of this Privacy Statement is to provide transparency regarding Phyto-Pharma BV’s position on privacy and the processing of personal data. Our goal is to show that we handle personal data carefully in a manner that is in accordance with applicable laws and regulations, including the General Data Protection Regulation (GDPR).

Phyto-Pharma BV processes personal data of the following categories of persons, also referred to as data subjects:

Customers;
Suppliers;
Patients;
Website & webshop users;
Website visitors;
Visitors;
Employees & applicants, who fall outside the scope of this Privacy Statement.

Summary

Like any other company in the digital age, Phyto-Pharma BV also processes personal data. By means of this privacy statement, we want to provide transparent insight into the personal data that we process and for what purposes.

The business activities of Phyto-Pharma BV focus mainly on deliveries to patients and customers. We also supply customers within the pharmaceutical industry, such as prescribers, pharmacies, hospitals and clinics. In this sense, the processing of personal data is necessary for our business processes, but is not part of our core activities.

Phyto-Pharma BV processes personal data of the following categories of persons, or data subjects:
Customers;
Suppliers;
Patients;
Website & webshop users;
Website visitors;
Visitors;
Employees & applicants, who fall outside the scope of this Privacy Statement.

Patients are a special category of data subjects for Phyto-Pharma BV, because health information is classified as highly sensitive within the General Data Protection Regulation. We receive personal data from individual patients that we use to enable the preparation of customized medication. We use this personal data to correctly identify the patient with the aim of protecting the health of the patient. In its capacity as a compounding pharmacy, Phyto-Pharma BV must determine that the medication is in accordance with the needs of the patient, his safety and the prescription. Individual medical conditions play an important role here.

For additional comments and/or questions about our Privacy Statement or the processing of personal data by Phyto-Pharma BV, please contact us at info@phyto-pharma.nl

Processing

Customers

What type of personal data do we process?

Phyto-Pharma BV serves various customer groups within the pharmaceutical industry, including prescribers, pharmacies, hospitals and clinics. We process some personal data of the professionals who represent our clients.

Phyto-Pharma BV processes the following types of customer personal data:
Name
Contact information (email address, phone number)
Job title

What is the purpose of the processing?
Phyto-Pharma BV processes personal data of customers for the following purposes:

provide an adequate sales system for order processing; provide the best service.

What is the legal basis for the processing?
We process personal data in order to be able to implement the commercial agreements with our customers.

Legal obligation

Based on the GxP standards, we have a legal obligation to process certain personal data. In general, Phyto-Pharma BV has the obligation to know who its customers are and to follow up on who receives our products. This concerns personal data that by their nature is not very sensitive, such as names, telephone numbers and e-mail addresses.

Legitimate interest

Phyto-Pharma BV has a legitimate interest in processing personal data of customers for marketing purposes. To determine whether there is a legitimate interest, we will always make an assessment of the potential impact of the data processing on the customer. We will inform our customers about their rights and provide the opportunity to object to data processing in an accessible manner.

What is the retention period?

Phyto-Pharma BV retains the personal data in accordance with the applicable legal retention period or as long as necessary in accordance with the purpose of the data processing.

Suppliers

What type of personal data do we process?

Phyto-Pharma BV processes the following types of personal data of suppliers:
Name
Contact information (email address, phone number)
Job title

What is the purpose of the processing?

Phyto-Pharma BV processes personal data of suppliers for the following purposes:
guaranteeing the correct handling of the ordering process;
fulfilling contractual obligations.

What is the legal basis for the processing?
Phyto-Pharma BV processes personal datadata in the context of the implementation of the agreements with its suppliers and the obligations arising therefrom.

Legal obligation

Phyto-Pharma BV is legally obliged to process certain personal data. These obligations arise from pharmaceutical legislation and regulations, such as the GxP standards. In general, we have an obligation to only do business with suppliers who have the appropriate qualifications, which makes it necessary to process personal data. This concerns personal data that by their nature is not very sensitive, such as names, telephone numbers and e-mail addresses.

What is the retention period?

Phyto-Pharma BV stores personal data in accordance with the legal retention period or as long as necessary in accordance with the purpose of the data processing.

Patients

What type of personal data do we process?

We maintain the highest level of quality in our state-of-the-art compounding pharmacy, in accordance with GxP standards. We process personal data of individual patients for the preparation and delivery of tailor-made medication. Patients are a special category of data subjects for Phyto-Pharma BV, due to the highly sensitive health information we process.

Phyto-Pharma BV processes the following types of personal data of patients:
Name
Address
Date of birth
Sex
Citizen service number
Health information

What is the purpose of the processing?

The protection of the patient’s health requires correct identification during the ordering process. Phyto-Pharma BV must ensure that the medicines that are prepared correspond to the prescription and the needs of the individual patient. This information is crucial to take into account specific medical conditions.

Phyto-Pharma BV performs medication monitoring before handing over, for which specific health information is collected.

What is the legal basis for the processing?
Permission

In some situations, Phyto-Pharma BV will ask for written consent from the patient to process personal data for specific purposes.

Legal obligation

Phyto-Pharma BV must comply with various legal obligations arising from pharmaceutical legislation and regulations, such as the GxP standards, the NAN and the WGBO. In this context, the processing of personal data is unavoidable.

Legitimate interest

Phyto-Pharma BV has a legitimate interest in processing personal data of patients in the event that no other legal basis applies or in the event that a legitimate interest is most appropriate. Watching over the health of the patient is a legitimate interest for us. We will assess whether there is a legitimate interest on the basis of the potential impact of the data processing on the patient.

What is the retention period?

Phyto-Pharma BV retains the personal data in accordance with the applicable legal retention period or as long as necessary in accordance with the purpose of the data processing.

Website & webshop users

What type of personal data do we process?

Phyto-Pharma BV processes the following types of personal data of website & webshop users:
Name
E-mail address
Profession
Newsletter Preferences
Online behavior on our website

What is the purpose of the processing?

Phyto-Pharma BV processes personal data for maintaining the website accounts and providing the requested services, such as the web shop. We may also ask these users about their user experiences through surveys in order to improve our online services.

What is the legal basis for the processing?

Permission

If this is obvious, Phyto-Pharma BV will request written permission from users for the processing of personal data via the website.

Legitimate interest

Phyto-Pharma BV has a legitimate interest in processing personal data for marketing purposes. We will always weigh the interests of the individual user against the interests of Phyto-Pharma BV to process the personal data, so that we can determine the impact. Phyto-Pharma BV is responsible for safeguarding the rights of the website & webshop users and will inform them about the possibility to object to the processing in an accessible manner.

What is the retention period?

Phyto-Pharma BV retains the personal data in accordance with the applicable legal retention period or as long as necessary in accordance with the purpose of the data processing.

Website visitors

What type of personal data do we process?

Phyto-Pharma BV processes the following types of personal data of website visitors:
Online behavior on our website

What is the purpose of the processing?
Phyto-Pharma BV processes data about the online behavior of website visitors for the purpose of maintain and improve the website.

What is the legal basis for the processing?
Legitimate interest

Phyto-Pharma BV has a legitimate interest in processing personal data for marketing and communication purposes. We will always weigh the interests of the website visitor against the interests of Phyto-Pharma BV to process the personal data, so that we can determine the impact. Phyto-Pharma BV is responsible for safeguarding the rights of website visitors and will inform them about the possibility to object to the processing in an accessible manner.

What is the retention period?

Phyto-Pharma BV retains the personal data in accordance with the applicable legal retention period or as long as necessary in accordance with the purpose of the data processing.

Visitors

What type of personal data do we process?

Phyto-Pharma BV processes the following types of personal data of visitors to our branches:
Name
Contact information (phone number, email address)

What is the purpose of the processing?

Phyto-Pharma BV processes personal data of visitors for the following purposes:
ensuring safety in our pharmacy;
identification of individuals in case of misconduct.

What is the legal basis for the processing?
Legal obligation
Phyto-Pharma BV has a legal obligation to register visitors to our pharmacy on the basis of the GxP standards.

Legitimate interest

Phyto-Pharma BV has a legitimate interest in processing personal data from a security point of view. We will assess whether there is a legitimate interest on the basis of the potential impact that the data processing has on the visitor.

What is the retention period?

Phyto-Pharma BV retains the personal data in accordance with the applicable legal retention period or as long as necessary in accordance with the purpose of the data processing.

Safety

Phyto-Pharma BV secures your personal data against unauthorized access, use or inspection. Your personal data is stored on servers in a controlled and secure environment. In the event that personal data is transferred to other websites, it is secured via Secure Socket Layer (SSL), which means that all sensitive information is encrypted before it is sent non-identifiable.

In addition to the standard security procedures, technical and functional checks are regularly carried out and audits are carried out by independent parties. The purpose of this is to ensure the security of our IT systems and to identify potential risks. A standard measure is that all information is always encrypted.

Transfer and security

Third Party Processors

Phyto-Pharma BV uses external processors for various processes. We only work with external processors who meet certain predetermined security requirements. Phyto-Pharma BV will always conclude a processing agreement in case personal data are processed by an external processor.

Internal & external receivers

Under certain circumstances, Phyto-Pharma BV passes on personal data to internal and external recipients. By internal recipients we mean our internal departments, within which personal data is only shared on a need-to-know basis. An example of an external recipient of personal data is the government to whom we provide personal data on the basis of legal obligations. In addition, we also share personal data with other controllers with whom we collaborate, for example an external compounding pharmacy with whom we place an order. If we engage external advisers, such as legal advisers, they are also regarded as external recipients and not as processors.

Phyto-Pharma BV as controller

If Phyto-Pharma BV processes personal data in the context of a contract with its customers, it does not process personal data on behalf of the customer. Phyto-Pharma BV processes personal data for its customers on its own responsibility in its role as controller. This means that Phyto-Pharma BV itself is responsible for complying with its legal obligations under the applicable privacy laws and regulations when personal data of customers are processed. As a result, the existence of a processing agreement between Phyto-Pharma BV and its customers is not required.

If Phyto-Pharma BV processes personal data in the context of handing over, it will process this in the context of the WGBO. As a result, the existence of a processing agreement between Phyto-Pharma BV and its patients is not required.

Customers may expect that Phyto-Pharma BV processes personal data with the highest degree of care and security. Phyto-Pharma BV secures its sytems.
agree to appropriate measures to ensure the privacy of its customers.

Rights of the data subjects

Right of access

Every data subject has the right to access his or her personal data that are processed by Phyto-Pharma BV. Upon request, we will provide a copy of the personal data we process. We aim to comply with such a request within one month of receipt, but we may extend this period by two months in complex situations. We will always inform you in good time about the reasons for the delay. Phyto-Pharma BV reserves the right to charge a minimal fee if the request for inspection is disproportionate.

Right to rectification

You have the right to submit a request to Phyto-Pharma BV to change your personal data if this information is incorrect. We aim to comply with this request within one month of receipt, but we can extend this period by two months in complex situations. We will always inform you in good time about the reasons for the delay. If applicable, we will inform the external recipients of your personal data about the change.

Right to erasure

You have the right to ask Phyto-Pharma BV to erase your personal data in the following circumstances:
the purpose of the data processing no longer exists;
you have withdrawn your consent;
you object to the processing of your personal data;
the processing is against the law;
your data must be erased on the basis of a legal obligation.

Phyto-Pharma BV may reject your request in the following cases:
Phyto-Pharma BV has a legal obligation to process personal data;
the processing is necessary for the establishment, exercise or defense of a legal claim;
the processing is necessary to ensure the quality of our products;
the request to erase data is unfounded or disproportionate.

In case Phyto-Pharma BV has shared your personal data with external recipients or via an online platform, we will inform these external recipients about your request for deletion. An exception to this is the situation in which providing information proves impossible or requires a disproportionate effort from Phyto-Pharma BV.

We aim to respond to your request within one month of receipt, but we can extend this period by two months in complex situations. We will always inform you in good time about the reasons for the delay or rejection. In the event that we reject your request, we will inform you of the reason for this.

Right to restriction of processing

You have the right to ask Phyto-Pharma BV to limit the processing of your personal data in the following cases:
your personal data is not current;
you have objected to the data processing and Phyto-Pharma BV examines whether it has a legitimate interest in processing your data;
the data processing is in violation of the law;
you need your personal data for a legal matter, while Phyto-Pharma BV no longer needs your personal data.

We will inform you in good time about the method used to comply with your request for restriction of processing.

Phyto-Pharma BV may reject your request if it is unfounded or disproportionate. We aim to respond to your request within one month of receipt, but we can extend this period by two months in complex situations. We will always inform you in good time about the reasons for the delay or rejection.

Right to portability of personal data

In certain circumstances you have the right to portability of your data, so that you can (re)use your personal data in different IT systems. In this case, you will need to access your personal data in an accessible format that allows you to transfer your data in a secure and easy way.

This right to portability only exists in the following cases:
you have personally provided your personal data to Phyto-Pharma BV;
the processing of your data is based on your consent or an existing agreement;
the processing of your data takes place via automated systems.

Right of objection

You have the right to object to the processing of your personal data if the following conditions are met:
– The reason for the objection lies in your personal circumstances;

One of the following circumstances exists:
– Phyto-Pharma BV has a court

interest in processing your personal data;
– Phyto-Pharma BV processes your personal data for direct marketing purposes.

Phyto-Pharma BV does not have to comply with your request if the following conditions are met:
– The processing of your personal data does not relate to direct marketing;
One of the following circumstances exists:
– Phyto-Pharma BV has a legitimate interest in processing your data that outweighs your personal interest;
– Phyto-Pharma BV processes your personal data in connection with a legal dispute.

Complaints

If you have a complaint about the processing of your personal data by Phyto-Pharma BV, you can send an e-mail to info@phyto-pharma.nl. If you are not satisfied with the handling of your complaint, you can contact the Dutch Data Protection Authority.

Phyto-Pharma BV is committed to protecting your privacy and developing technology to offer you the best and safest online environment. We use cookies to improve the user-friendliness of our website.

What are Cookies?

Cookies are small text files that are temporarily stored on your computer when you visit our website. Cookies are used to monitor the preferences of website visitors with the aim of improving the user experience. An example of this is that cookies provide insight into the web pages that are visited and how website visitors switch between different web pages. In addition, cookies keep track of how many visitors come to the website and how long they stay on the website. Phyto-Pharma BV uses this information to optimize its website.

Are cookies safe?

Cookies are safe. They do not store personal data or other sensitive information that can be traced back to an individual. In addition, it is not possible to retrieve personal data through the use of cookies and no spam or other undesirable e-mail traffic can take place via cookies.

How can I change my cookie settings?

Via your browser settings you can indicate which websites are allowed to use cookies. For example, you can adjust the following settings:
you can ask for a notification if a website wants to place cookies;
you can refuse third-party cookies;
you can delete cookies.

Contact

For more information, questions and/or comments regarding this Privacy Statement or the processing of personal data by Phyto-Pharma BV, please contact the privacy contact person via the information below:

Phyto Pharma BV
Klaas Riepma
Minden 30
7327AW Apeldoorn
06 54 325 301