Thank you for visiting our website. The protection and confidentiality of your personal data is of particular importance to us.
With this Policy we aim to inform you about the processing of personal data we collect in connection with our activities. Personal data covers any information relating to an identified or identifiable individual. This includes information such as a name, address, e-mail or phone number. Information that is not directly related to your identity, for example, the number of users on the website, does not fall within this scope.
Most of our services do not require any form of registration. However, some services, e.g. the reporting form for an adverse drug reaction (adverse effect) or the form for exercising data subject rights, as well as the contact form, require the provision of personal data.
For the purposes of this Policy:
“Personal data” means any information provided by users, health care professionals, clients or contractors of SOPHARMA AD in relation to (including but not limited to):
- registration and use of the websites and/or online applications owned and administered by SOPHARMA AD (including the official websites of the Company in social networks - Facebook, Instagram, Twitter, Linkedin, Youtube, etc.)
- reporting of adverse drug reactions, adverse effect/incident during the use of cosmetic/medical products offered by SOPHARMA AD;
- risk assessment of the reported drug reactions;
- responses to requests, complaints, enquiries and comments on products or activities of SOPHARMA AD;
- obtaining and sending information about campaigns, initiatives or other events organized, supported or financed by SOPHARMA AD;
- exercising data subject rights.
"Sensitive personal data" are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as processing of genetic data, biometric data for the sole purpose of identifying an individual, data concerning health condition or sexual life or sexual orientation of the person.
"Processing of personal data" of a user (customer or contractor) means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Administrator/controller” means a natural or legal person, public authority, agency or other body which, independently or jointly with others, determines the purposes and means of the processing of personal data.
“Processor of personal data” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of SOPHARMA AD.
"Adverse drug reaction" under this Policy means an undesired, unforeseen or harmful reaction resulting from the use of a medicinal or cosmetic product of SOPHARMA AD.
“Third Party” means a natural or legal person, public authority, agency or body other than the data subject, administrator, data processor and persons who, under the direct authority of the administrator or processor, are authorized to process personal data.
"Data subject" means a natural person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more factors, specific for the physical, physiological, genetic, psychological, mental, economic, cultural or social identity of that natural person.
"Applicable legislation" means the legislation of the European Union and the Republic of Bulgaria, which is relevant to the protection of personal data (Personal Data Protection Act, etc.);
"Regulation (EC) 2016/679" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and for repealing Directive 95/46/CE (General Data Protection Regulation), published in the Official Journal of the European Union on 4 May 2016, hereinafter referred to as “the Regulation.”
SOPHARMA AD is a joint-stock company, registered in the Commercial Register at the Registry Agency under Business Number (EIK) 831902088, with registered office and address: Sofia, 16 Iliensko shose Str., tel: 8134200 (SOPHARMA AD, “We” or the “Company”). In compliance with the applicable legislation on the protection of personal data, Sopharma acts as a personal data administrator, with respect to the personal data of the users of the website and its applications.
Sopharma is a leading pharmaceutical company in Bulgaria, with established positions in the market of high-quality medicinal products.
How to contact us?
If this policy does not answer your questions or you have any other enquiry, please contact us directly at the following address: 1220 Sofia, 16 Iliensko Shose Str., or by e-mail: firstname.lastname@example.org, or contact our Privacy Officer: Ernst & Young Law Office.
Which personal data do we process?
We collect and process your personal data through our website, including online applications as well as through special forms submitted by you to our website, namely the Reporting Form for Adverse Drug Reactions (undesired effect for cosmetic products, adverse effect - for medical devices), Form for exercising data subject rights, Contact form, etc.
We may process the following categories of personal data (listing is exemplary and not exhaustive) provided by you or for you by third parties who have reported about your suspected or occurred adverse drug reactions, in line with our obligation to monitor the safety of our Company’s products. (Such third parties may include health professionals, relatives or others):
A) General Personal Data Category
- Name and surname or
- Phone number
3. Sex, age and date of birth, weight, height
4. Expressed interests, preferences, opinions, comments, positions and the like in connection with the activities of SOPHARMA AD, including specific campaigns, initiatives or other events organized, supported or financed by SOPHARMA AD.
B) Sensitive Personal Information Category
1. Health data provided through the Reporting Form for Adverse Drug Reactions, including, but not limited to:
- information on the product used, the dose taken or prescribed, the reason for taking or prescribing the product, and any subsequent change in your usual health status;
- details of other medicines/preparations/products you are taking or were taking when the undesired drug reaction occurred and the reason for taking those medications/products;
- details of the undesired reaction you have experienced, the treatment applied and any long-term effects which the reaction has caused to your health;
C) Other Data
Any other information you may provide voluntarily by accessing and/or using our website, including applications operating on it, forms for filling out, etc., or by access to and/or use of the Company's official websites on social networks - Facebook; Instagram; Twitter, Linkedin, Youtube, etc.).
On what basis do we process your personal data?
For your information, we have identified the most typical grounds on the basis of which Sopharma processes your personal data as outlined in this Policy (the listing is not exhaustive):
- with regard to data categories A) and C) Art. 6, para. 1 (a) of the Regulation, namely the consent given by the data subject. For a category of standard personal data, processed in connection with reporting of adverse drug reactions, an undesired effect/incident during the use of cosmetic products/medical devices offered by Sopharma AD – legal obligation according to Art. 6, para. 1 (c) of the Regulation.
- with regard to data category B) – Art. 9, para. 2, (i) of the Regulation, namely public health considerations in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices.
When we receive the data on the basis of your consent and it is being withdrawn, the personal data will be erased from the systems of SOPHARMA AD within one month of receiving your request for withdrawal of the consent. If, as a result of objective circumstances, e.g. specific legal regulations, the reason for processing your personal data is not an agreement, and Sopharma refers to another ground for processing, you will be duly notified within one month of receipt of the request for withdrawal of your agreement and of your specific rights and time limits, after which you may request that your data be erased, respectively our counterparty obligations will be to erase them after the expiration of these deadlines. The one-month term starts on the date of identification of the person who has requested withdrawal of consent through the approved channels for communication with SOPHARMA AD.
What are the purposes we use your data for?
The personal data we collect from you will be solely used for the purposes initially declared and/or as required by the applicable law.
If needed, your personal information may be used for a new purpose which is not explicitly indicated in this Policy, then we will provide you with all relevant information regarding the new processing and, when necessary, we will require your prior consent for that.
The personal data you provide will be used for the purpose of administering the service, including but not limited to:
- registration and use of the websites and/or online applications owned and administered by SOPHARMA AD,
- processing of the information provided through the reported adverse drug reactions, undesired effect/ incident during the use of cosmetic products/medical devices offered by Sopharma AD, in order to meet the requirements of medicinal safety, health security and all legal requirements;
- evaluation of the benefit-risk ratio of the drugs by analyzing the reported signals;
- enabling us to fulfill our legal obligations as a licensed manufacturer of medicines and to provide you with the best service and unimpeded access to information about our products;
- enabling us to contact you regarding the information you report to us through the special forms of reporting/contacting/exercising of right, uploaded on our website and, if needed, to receive additional information;
- responding to requests, enquiries and comments on products of SOPHARMA AD, as well as campaigns, initiatives or other events, organized, supported or financed by SOPHARMA AD.
- exercising your rights as data subjects.
SOPHARMA AD does not use automated decision making processes, including profiling within the meaning of the Regulation.
Who has access to your information?
Sopharma is the administrator of your personal data and, as such, will not share, transmit, disclose or distribute your personal data to third parties other than those set out in this Policy. Sopharma respects and protects the confidentiality of your personal data. Subject to legal requirements or your consent, the Company may disclose your personal data to third parties who process personal data, joint or independent administrators.
Sopharma may also disclose and transfer your personal data to companies located outside the EU and EEA territory as far as there are appropriate safeguards to protect the shared data, or in the absence thereof, depending on whether and to which extent any exceptions provided for in Regulation (EC) 2016/679 may apply.
Persons and companies with whom we share information are:
- Service Providers. In the course of technical maintenance of information systems and operational support of our activity, Sopharma may disclose personal data. Such disclosure is possible only if there is good reason for that and on the basis of a written agreement with the recipients to provide an adequate level of protection.
- Other companies in the group of SOPHARMA AD based on our legitimate interest in the group's internal administrative objectives (e.g. IT infrastructure management), as well as with respect to legal obligations in relation to accountability.
- Regulatory national and European administrative bodies (including the European Medicines Agency) obtaining information on the basis of legal authority to request and receive such information, as well as other state bodies in the cases provided for by law, in connection with the fulfillment of legal obligations or in connection with legal proceedings.
- Companies involved in the licensing of medicinal products.
How long do we store your personal data?
Your personal data will be stored for a certain period of time solely for the purposes for which they were collected and processed. They can be stored on paper as well as in electronic media. For example, your contact details will only be stored and used for sending information you have requested from us until you withdraw your consent.
Your rights with respect to your personal data
Subject to Bulgarian and European legislation, including Regulation (EC) 2016/679, you have the following rights with respect to your personal data processed by SOPHARMA AD:
1. to receive access to your personal data processed by SOPHARMA AD , and get a copy thereof;
2. in case of incompleteness or inaccuracy in the data processed by SOPHARMA AD, your personal data will be rectified;
3. to request that your data be erased, when the conditions are available, namely:
- The target for which the data were collected is achieved;
- you have withdrawn your consent when the processing is based on consent and there is no other legal basis for processing;
- your data are processed unlawfully, etc.;
4. in some cases you may request that the processing of your personal data be restricted, when:
- you dispute the accuracy of your personal data for a period that allows us to verify the correctness of the personal data;
- the processing is illegal, but you are not inclined your personal data to be deleted, and you require instead restriction of their use;
- SOPHARMA AD no longer needs your personal data for the purposes for which they were initially collected, but you require them to be kept for the establishment, exercise or protection of legal claims;
5. you have objected to the processing of the data based on the existence of a legal interest for the Company; in cases when your data are processed on the grounds of legitimate interest (listed above in this notice), you can object to the processing of your personal data on that basis;
6. to exercise your right to data portability and request that your data be provided in a structured, commonly used and machine-readable format;
7. to withdraw your consent, when the processing of your personal data is based on consent.
We do our best to keep your data up to date. However, if you notice any incorrect data or other irregularities, you can exercise your rights as a data subject by contacting us at email@example.com. We will respond to your request as soon as possible and no later than one month after receiving it. If necessary, this period may be extended by two more months, taking into account the complexity and the number of requests. SOPHARMA AD will inform you of any such extension within one month of receipt of the request, indicating as well the reasons for the delay.
You also have the right to lodge a complaint with the Personal Data Protection Commission when the relevant prerequisites exist.
How do we protect your personal information?
The security of your data is important to us. When you provide your data to us, we will take appropriate technical and organizational measures and will do our utmost to ensure that they are handled and processed securely in our systems.
We have put in place reasonable procedures to enhance the safety of the information collected and to restrict access to your personal data only to those employees who need access to meet their obligations.
The websites of SOPHARMA AD contain links to other websites. We are not responsible for the contents or privacy notices of any of these sites. If you provide personal information to any of these sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy notices of any website you visit.
Changes to the current Policy
Cookies Policy of Sopharma AD
What are cookies like?
HTTP cookie, usually called simply “cookies" is a package of information sent by a web server to Internet browser, for instance Internet Explorer, Microsoft Edge, Safari, Opera, Mozilla Firefox, Google Chrome and so on, and after that returned by the browser each time when it has access to this server. A certain cookie remains in your device for use at a next session, when it may be erased in the meantime. In event that you use more than one browser, each of them has separate space for storage of cookies. The cookies do not refer to a certain person but to a combination of a device and an Internet browser. Therefore, a person who uses several browsers and/or devices has a separate set of cookies for each combination of a device and a browser. On the other hand the cookies do not make a difference amongst a multitude of users sharing the same device and a browser, unless they have different user’s profiles.
Cookies perform a multitude of various functions. For instance, they help us to remember your user name or preferences and to analyze how well our sites present themselves.
What data do we collect?
Other devices for tracing down
We may use other standard technologies as tags of pixels (Facebook) and other Internet markings (“web beacons”), to trace down how you use our web sites and promotions or we may allow third parties – providers of services to use these devices on our behalf. The tags of pixels and other Internet markings (“web beacons”) are small graphic images located in individual parts of our Web sites or in our e-mails and let us find out whether you have performed a certain action. When you receive access to these sites or open or click over an e-mail, the tags of pixels or other Internet markings (“web beacons”) send a notification (which does not contain personal data) about this action. The tags of pixels allow us to understand the users, to calculate and segment the user’s traffic, to measure conversions on our Web sites as well as to retarget (remarket) advertisements. We may also use tags of pixels and other Internet markings (“web beacons”), which our shareholders or marketing partners present to us for the same purposes.
When you visit our Web sites, we and/or our authorized Third Parties – Providers of Services and Advertisers may automatically collect such information through the use of electronic instruments as Cookies and other Internet markings (“web beacons”) or indication (“tagging”) of pixels.
How you could exclude the Cookies?
All the modern browsers let you change the settings for cookies. You may usually find these settings in menu "options" or "preferences" on your browser. To allow you to be clear about these settings, the following links may help you or you may use the button “Help” from the menus on your browser for more details:
- Cookies in Google Chrome
- Cookies in Mozilla Firefox
- Cookies in Microsoft Internet Explorer
- Cookies in Apple Safari / iOS
If you worry most of all about the advertising cookies to third parties generated by advertisers, you may switch them off from here: Your Online Choices site.
Please, have in mind that if you decide to stop the cookies, some sections of our sites and/or software platforms may not work appropriately.
The cookies we use may collect information about your IP address and your electronic mail, which we do not present to third persons.
More information about the manner, which the business uses the cookies in, is available on: www.allaboutcookies.org.
If you have any questions with regard to this Cookies Policy, contact us on e-mail: firstname.lastname@example.org