2.8 Protection of personal data

The company undertakes to respect the fundamental right of each individual to the protection of personal data.

The need to protect the personal data is becoming more and more important as the importance of the online environment increases. The use of the online communication means and the use of internet-connected devices allow the collection of personal data.

It is therefore important to take appropriate measures to protect personal data and to comply with privacy rules on the storage, collection and use of personal data.

The company pays particular attention to the confidentiality of this data and to the protection of the rights of the employees, consumers / patients, health professionals, customers and partners in the use and processing of these types of data.

The processing of personal data shall be carried out under and in compliance with the provisions of the legislation in force, in particular the Regulation 679 / 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter referred to as the GDPR).

The company carries out several types of personal data processing in accordance with the internal GDPR regulations.

The processing of certain categories of data is carried out in order to protect legitimate interests such as: guarding the company’s assets, ensuring access to its premises and work points, ensuring compliance with the internal security rules and with the company’s organizational processes, facilitating relations with partners, protecting, respecting and exerting the rights of the company and/or of its employees.

In the course of its business, the company collects and stores personal information about the employees, business partners, health professionals, patients / consumers. This data may be (but not limited to): dates of birth, contact details, financial, medical and / or other information.

The personal information must be collected exclusively for clearly defined purposes in accordance with Regulation No 679 / 2016 (GDPR).

For each data processing, reasonable time limits for the retention of personal data shall be set, not exceeding the period necessary to fulfil the purposes for such processing.

The company takes very seriously the rights of the employees, collaborators, partners, consumers / patients, medical professionals, etc. with whom it maintains collaborative relationships.

Thus, the company takes all necessary measures to ensure that their personal data is protected and their rights are observed.

At the same time, the company may initiate in partnership with health professionals some clinical trials for certain products in its portfolio. On these occasions, the company undertakes to comply with the specific standards of such studies, including here the consent of the participating persons, the protection of their personal data. For further information, please contact the data protection officer at gdpr (at) prisum.ro.

The employees of Prisum may also see the GDPR Internal Regulation.

PRISUM HEALTHCARE Code of Conduct

CORRECT AND LEGAL BUSINESS