Prestige Consumer Healthcare

UK & EU  Pharmacovigilance Privacy Notice

1.     Purpose of the Privacy Notice

Prestige Brand (UK) Limited and Prestige Brands GmbH (hereafter “Prestige”, “we”, “our”, “us”) is committed to maintaining the accuracy, confidentiality, and security of your Personal Data.  This Privacy Notice explains how we collect, use, and disclose Personal Data that we obtain when you communicate with us. 

2.     Scope of the Privacy Notice

The scope of this Privacy Notice is limited to the collection and processing of your Personal Data for pharmacovigilance-related purposes (i.e., drug safety) and/or medical information inquiries.  For more detailed information about our data processing practices, please visit Prestige Brands Website to review our Privacy Policy

3.     Types of Personal Data Collected by Prestige

Personal Data is defined as any information that can be used to identify an individual either on its own or when combined with other available data.    

Personal Data Prestige Collects from You

Prestige collects information that you provide directly to us when you report an adverse event or other activity related to pharmacovigilance.  In addition, we collect information from you in relation to a medical inquiry.  The type of Personal Data collected and processed by Prestige depends on whether the communication with you relates to pharmacovigilance or a medical inquiry. 

  • Pharmacovigilance. As it relates to pharmacovigilance-related communications, Prestige collects the following types of Personal Data: (1) name, (2) contact details, (3) age or date of birth, and (4) affiliations/profession of the reporting individual.  In addition, Prestige may collect some additional Personal Data related to the health and medical history of the individual experiencing the adverse event.  Health and medical history will be collected only if the information is required for processing the adverse event for pharmacovigilance purposes. 

  • Medical Inquiries.  As it relates to medical inquires, Prestige collects the following types of Personal Data: (1) name, (2) contact details, and (3) affiliation/profession of the individual making the inquiry. 

4.     When Prestige Collects Your Personal Data

Prestige collects your Personal Data as follows:

  • when you report an adverse event or other activity related to pharmacovigilance, and

  • when contacting us with a medical inquiry

5.     Prestige’s Purpose and Legal Basis for Processing Your Personal Data

Prestige’s uses your Personal Data only as follows: 

  • Pharmacovigilance.  Pharmacovigilance-related reports and information is important for public health and will be used for the limited purposes of detecting, assessing, understanding, and preventing adverse events or any other medicine-related problem.  Prestige may also use the information in furtherance of its reporting obligations to health or regulatory authorities. 

    These data processing activities are necessary to comply with Prestige’s legal obligations. 

  • Medical Inquiries.    Personal Data collected in relation to a medical inquiry will be used to answer the inquiry and/or to follow up on such requests.  The information is then maintained in a database for future reference.  In addition, where required by law, the information may be reported to health or regulatory authorities.

    These data processing activities are performed on the basis of a legitimate interest, to comply with Prestige’s legal obligations, and, where applicable, with your consent.   

6.     With Whom Prestige Shares Your Personal Data

Prestige does not share, sell, or otherwise disclose your Personal Data with third parties except as provided in this Privacy Notice and our Privacy Policy. 

Prestige is required to report certain pharmacovigilance and product-related information to health or regulatory authorities.  The information reported includes (1) details about the adverse incident, and (2) limited Personal Data about the patient and reporting individual as follows:

  • Patients. Personal Data related to a patient that is provided in reports to health or regulatory authorities may include his/her age, date of birth, and gender.  The patient's name will never be included in these reports.

  • Reporting Individuals. Personal Data related to a reporting individual that is provided in reports to health or regulatory authorities may include his/her name or initials, profession, address, email, and phone number. 

In addition, Prestige may disclose information about you in the following circumstances:

  • If Prestige sells or buys any business or assets, we may disclose your Personal Data to the prospective seller or buyer of such business or assets, including to permit the due diligence required to decide whether to proceed with a transaction

  • If all or substantially all of Prestige’s assets are acquired by a third-party, Personal Data held by Prestige about its customers will be one of the transferred assets

  • If Prestige is under a duty to disclose or share your Personal Data to comply with any legal or regulatory obligation

  • If necessary, to protect the vital interests of a person 

  • To enforce or apply our terms and conditions or to establish, exercise, or defend the rights of Prestige, our employees, customers, or others

  • With your consent

 7.     Cross-Border Data Transfers

To carry out its obligations, Prestige may transfer your Personal Data outside of the United Kingdom to our related or affiliated entities and relevant health or regulatory authorities located outside the UK.  This includes jurisdictions that may have different data protection standards as compared to the UK.

Where Personal Data is transferred to and stored in a country outside of the UK, Prestige takes the necessary steps to provide appropriate safeguards to protect your Personal Data.  If you want further information on the specific mechanism used by Prestige when transferring your Personal Data out of the UK, please contact us using the contact information in the Contact Details section below.

8.     Data Retention Practices

Prestige retains your Personal Data no longer than is reasonably necessary for the purposes for which it was collected and processed and in accordance with Prestige’s data retention policy, except as required by applicable law or to comply with our legal obligations, resolve disputes, and enforce our agreements. 

9.     Protecting Personal Data

In accordance with the United Kingdom’s General Data Protection Regulation (“UK-GDPR”) and applicable data protection laws, Prestige has implemented appropriate physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse, unauthorized access, disclosure, alteration, destruction, or modification.

These measures are regularly reviewed, evaluated, and updated to proactively identify new or emerging security threats.  

Where data processing is carried out on Prestige’s behalf by a third-party, Prestige takes steps to ensure that appropriate security measures are in place to prevent unauthorized disclosure of Personal Data.

10.  Your Data Protection Rights

Under the UK-GDPR, you have the following rights related to your Personal Data: 

  • Right to withdraw consent at any time. You have the right to withdraw consent where you have previously given your consent to the processing of your Personal Data.

  • Right to object. You have the right to object to the processing of your Personal Data if the processing is carried out on a legal basis other than consent.

  • Right to access. You have the right to learn if your Personal Data is being processed by Prestige, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the personal data undergoing processing.

  • Right to rectification. You have the right to verify the accuracy of your Personal Data and ask for it to be updated or corrected.

  • Right to restriction of processing.  You have the right, under certain circumstances, to restrict the processing of your Personal Data.  In that case, Prestige will not process your Personal Data for any purpose other than storing it.

  • Right to be forgotten.  You have the right, under certain circumstances, to request your Personal Data to be deleted by Prestige.  

  • Right to data portability.  You have the right to receive Personal Data that you provided to Prestige in a structured and commonly used format so that it can be transferred to another data controller.  This right only applies where your Personal Data is processed by Prestige with your consent or for the performance of a contract and when processing is carried out by automated means.

Please note that the above rights are not absolute, and Prestige may be entitled to refuse or limit the requests, where exceptions under applicable law apply. 

11.  Exercising Your Rights

You can exercise any of your rights as described in this Privacy Notice and under the UK-GDPR by contacting Prestige as provided in the Contact Details section below.

Except as described in this Privacy Notice or provided under applicable data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, Prestige may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.

Where Prestige has reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.

12.  Lodging a Complaint

Prestige only processes your Personal Data as described in this Privacy Notice, its Privacy Policy, the UK-GDPR, and in accordance with other applicable data protection laws.  If, however, you wish to raise a complaint regarding the processing of your Personal Data or are unsatisfied with how we have handled your information please contact us as provided in the Contact Details section below.

You also have the right to complain to the UK’s Information Commissioner’s Office (“ICO”):

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF Data Protection Authority. 

www.ico.org.uk  

For residents of Germany, any complaints should be directed to your state’s data protection authority.  Information can be found here: https://www.bfdi.bund.de/DE/Home/home_node.html.

13.  Changes to this Privacy Notice

Prestige may change this Privacy Notice from time to time.  Any changes will be posted on the Prestige website with a last updated date.

14.  Contact Details

If you have any questions regarding this Privacy Notice, your rights, or Prestige’s use of your Personal Data, please contact:

Prestige Consumer Healthcare, Inc.  Data Privacy Representative, 660 White Plains Road, Ste 250, Tarrytown, New York USA 10591

Email: click here

Effective Date:  22/04/2021

Last Updated:  22/04/2021