The we have entered into a Joint Controller Agreement relative to the operation of this Website. We have agreed that the Companies are jointly responsible for the compliance with the transparency and information requirements regarding the processing of the Website visitor’s personal data, including the DocCheck authentication information and any information provided during newsletter mailing list sign-up.

We have agreed that each of us who holds the exclusive license to the respective market and sale products in a country under the exclusive licence agreement between us is responsible for fulfilling data subject requests originating from that country.

Either of us may receive a complaint from a data subject which relates to the other Company’s personal data processing, and the party receiving the said request must without undue delay forward such request to the other Company. If the data subject request is (1) made directly to Richter or Recordati or (2) addressed to both Companies or (iii) the country of origin of the request cannot be determined without doubt or (iv) originates from a country outside the EU, then the Company who received the data subject request must respond to that request.

We have agreed that they are each responsible for having in place procedures to ensure a compliant legal basis for processing personal data, to handle security breaches, to conduct data protection impact assessments, to manage data subject access requests and to implement appropriate technical and organizational security measures to protect the personal data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure, abuse or other processing in violation of the provisions laid down in the applicable data protection laws.

Each of us is entitled to use data processors as part of the joint processing. We process your personal data within the EU and applying the appropriate safeguards, may transfer it to any third countries outside the EU/EEA.

We will use your data for the purposes of

• Website operation : the processing of your data is necessary for the performance of the Website’s Terms of Use and for the regular operation of this Website.
• Adverse effect notification : in relation to adverse effect notifications, the legal basis of data processing is our legal requirement to comply with European and national pharmacovigilance laws. We will inform you in a separate privacy notice on pharmacovigilance, once you submit a report to us.

Newsletter subscription: in order to send you newsletters we need your title, first name, last name, e-mail address, specialty and country of residence.

For the purposes outlined above we process the data categories indicated below:

• Website visitor’s personal data : your browser’s type and version, the operating system you use, the website from which you are visiting us (referrer URL), webpage(s) you are visiting on our Website, date and time of accessing our Website, and internet protocol (IP) address.
• Healthcare professional’s data : for authenticated users only – DocCheck authentication result, salutation, gender, title, forename, surname, street, country, address type where the healthcare professional lives, the languages the healthcare professional may speak, the profession, discipline (for physicians only), activity, e-mail address, unique key related to the healthcare professional and the status of confirmation .Recordati and Gedeon Richter shall have no access to such data, which shall be processed by DocCheck.
• Analytics data : logins, pages viewed, and documents downloaded.
• Adverse effect notification data : we do not process any personal data relative to any adverse effect notification on the Schizoprenia.life website. We only process the related data through our dedicated adverse effect reporting website at
  https://www.richter.hu/en-US/contact/Pages/Adverse-event-reporting.aspx

The provision of your personal data as a healthcare professional, based on your consent is voluntary.

• Your consent provided to us under the EU Regulation 679/2016 (“GDPR”) Article 6 (1) a) ( Consent ). You, as a data subject have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
• The processing of your personal data is necessary for the performance of a contract with You under the GDPR Article 6 (1) b) ( Contractual Basis ).
• The processing of your personal data is possible based on our legitimate interest under the GDPR Article 6 (1) f) ( Legitimate Interest ).
• We may process your personal data based on our legal obligations pursuant to Article 6(1) (e) of the GDPR ( Legal Obligation ).
• We may process your personal data for the purposes and legal bases indicated below:

We have conducted the balancing test to conclude our prevailing legitimate interests. We considered the extent to which your interests, rights and freedoms may be impacted by our data processing activities, as well as the organizational structure and operation of the Companies and the privacy guarantees provided by us. On this basis, we have concluded that our relevant data processing activates (as outlined below) do not disproportionately restrict your interests, personal rights and freedoms.

For more information regarding our legitimate interests, please find our contact information at the contact page .

Taking into consideration that your personal data shall be processed for the purpose of accessing the Website and, afterwards, it shall be available in anonymous form for the purposes above indicated only, we will retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes through other means and the applicable legal requirements. To this extent, please consider that we will anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

We will process and store personal data in relation with your visit of our Website for 6 months after your visit.

We will not disclose any of your personal data to third parties, any external bodies or organizations, except as set out below, or unless you consent to data transfer or the data transfer is required or permitted by law.

We may engage third party vendors as data processors to provide services to us and share your personal data with such third parties as well as with legal and other advisors, consultants that assist us. Nonetheless, in such a case, we will always ensure confidentiality of your personal data, for example by concluding a confidentiality and non-disclosure agreement. We may transfer your personal data outside the EU/EEA. In this case we rely on appropriate safeguards, such as EU standard contractual clauses or the EU-U.S. Privacy Shield framework.

At the time of this Privacy the Companies have engaged the below data processors relative to the operation of this Website and the provision of its services:

• Amarone Ltd . – H-1142 Budapest, 112. Erzsébet királyné str., – Website operations
• PharmiWeb 2002 Limited – One Station Square, Bracknell, RG12 1QB, United Kingdom, – Website development and design
• Kanga Health Ltd – Meadow side, Mountbatton Way, Congleton, Cheshire, CW12 1DY United Kingdom – Newsletter Database Processor
• Google LLC– 1600 Amphitheatre Parkway, Mountain View, California 94043, USA – Google Analytics (used only if consented to analytics cookies).
• DocCheck – DocCheck Community GmBH, Industry Services, Vogelsanger Str. 66, D-50823 Köln.

You are entitled to exercise your rights indicated below:

1. Right of access: You have a right to ask whether or not we have personal data about you and, if that is the case, request information on what personal data we have. We will also have to respond to questions about inter alia why we are using your personal data, details about what data we have and to whom we have provided access to the data. However, this is not an absolute right and the interests of other individuals may restrict your access rights.
2. Right to rectification : We are required to rectify inaccurate personal data, or to complete personal data that is incomplete, on request.
3. Right to erasure (right to be forgotten): We are in some circumstances required to erase personal data on request by the data subject.
4. Right to restriction of processing: We are in some circumstances required to restrict our use of personal data on request by the person concerned. In such cases, we may only use the data for certain limited purposes set out by the law.
5. Right to data portability: You may have the right to receive your personal data to which we have access, in a structured, commonly used and machine-readable format and such persons may then have a right to transmit those data to another entity without hindrance from us.
6. Right to object:
   You have the right to object to the processing of your personal data for any reason relating to your situation, and in this case, we may not be able to process your personal information. If you have the right to object and the exercise of this right is justified, your personal data in concern will not be further processed for the purposes of the objection. The exercise of this right does not entail any costs.

7. Right to complaint If you consider that your privacy and data protection rights have been infringed, you may contact the relevant data protection authority supervising the activities of the relevant Company: • in case of Richter the Hungarian National Data Protection and Freedom of Information Agency (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; seat: H-1024 Budapest, Szilágyi Erzsébet fasor 22/C.; website: www.naih.hu; phone: +36-1-391-1400; email address: [email protected] ; fax: +36 1 391 1410; • in case of Recordati the Italian Data Protection Authority (Garante per la protezione dei dati personali) – seat: Piazza Venezia 11 – 00187 Roma; phone: +39-06-6967 71; fax: +39-06-6967 73785; Certified mail: [email protected]; email: [email protected] ;

or you may contact the competent data protection regulatory authority located in the European Union’s relevant Member State where your habitual residence, place of work or place of the alleged infringement is.

For more information about this Privacy and Cookie Policy and regarding privacy and data protection inquiries and requests by Data Subjects, please find our contact information at the contact page .

Richter have appointed a data protection officer, whom you may contact at: [email protected]

Recordati have appointed a data protection officer, whom you may contact at: [email protected]