This privacy statement was last updated in July 2021 and overrides previous versions. Prothya Biosolutions Netherlands B.V. (“Prothya”) may amend this privacy statement from time to time. Prothya Biosolutions Netherlands B.V. will keep you up to date with any changes by placing a revised version of the statement on our website.
From plasma to medicines – it’s everyone’s business
Prothya processes the plasma collected from, among others, Sanquin Blood Bank donors into medicines. These plasma medicines are intended for people with illnesses such as blood clotting and immune diseases.
Which personal data does Prothya collect, how and for which purposes?
Prothya holds the personal data of patients, customers, practitioners, employees and associates, as well as information on plasma donations. The data may be confidential or sensitive. In any case, all of the data is personal. Examples of this data are:
- name, address and telephone number to be able to contact an associate;
- the identification number of a plasma donation, to be used for the manufacturing of medicines.
Prothya collects data that you have supplied to us yourself as a patient, customer, practitioner employee or associate and Prothya may obtain data from third parties such as practitioners.
Prothya uses this personal data for the following purposes:
- managing donations from which medicines can be manufactured;
- managing the safety of produced and to be produced medicines;
- handling and dealing with complaints and adverse events;
- conducting, registering and reporting clinical research;
- maintaining a register of associates;
- maintaining a register of staff.
Additional information about the processing of your personal data [link naar andere pagina: Processing of personal data]
How does Prothya ensure that your data is safe and how long does Prothya store personal data?
Prothya takes the necessary technical and organisational measures to guarantee that your personal data is well protected, for example against unauthorised or unlawful use, modification, unauthorised access or disclosure, accidental or unlawful destruction and loss.
Additional information about who can access your personal data [link naar andere pagina: Who can access your personal data?]
The general rule is that Prothya stores personal data for as long as it is needed, but not longer than five years, unless this is required in order to meet statutory obligations. There is a statutory retention period for some data laid down in Dutch and European pharmaceutical legislation.
Does Prothya disclose data to third parties?
The nature of its activities means that Prothya may share your data with third parties such as the European Medicines Agency (EMA). There are also institutions that monitor and test Prothya’s operations, such as the Health and Youth Care Inspectorate (Inspectie voor de Gezondheidszorg en Jeugd, IGJ). Employees at this institution can also view the data.
In certain cases, Prothya may share your personal data with trusted third parties for the performance of certain technical and other services, e.g. hosting providers and telephone support services. All such third parties are obliged to adequately protect your data and only to process it in accordance with our instructions. Prothya has a written contract with each of these parties, in which these matters are settled.
Prothya may also share aggregate data, which is not traceable to the person, with third parties. Prothya makes sure that this non-personal information cannot be traced back to specific individuals. In addition, Prothya may share your personal data with supervisory bodies and investigatory bodies if Prothya is legally required to do so.
What are your rights?
As a patient, customer, practitioner, (former) employee or associate you have the right to access your personal data registered by Prothya, to have rectified inaccurate data and, in certain cases, to have your data removed.
You also have the right, in certain cases, to request a restriction of or to lodge an objection to the processing of the data and to request data portability.
To make sure that it is you requesting your data, Prothya asks you to provide proof of identity with a valid identity document.
When you have given consent for your personal data to be used, you may always revoke your consent. From that moment Prothya will not collect any new personal data. Prothya has the right to continue processing your data, which has been collected before you revoked your consent.
Additional information about the access to your own personal data [link naar andere pagina: Do you have access to your own personal data?
If you have a question, you can contact us at:
Prothya Biosolutions Netherlands B.V.
At the attention of Prothya Privacy Officer
PO box 9190
1006 AD Amsterdam
If you believe that Prothya does not comply with the above rules or does not do so adequately, or if you want to submit a complaint for another reason, please contact us via above PO box or mail.
Alternatively, you can submit a complaint to the Autoriteit Persoonsgegevens (AP). This is the independent Dutch supervisory body that monitors compliance with the statutory rules for the protection of personal data. You can contact the AP at:
2509AJ Den Haag
Tel.: +31 (0)88 – 1805 250
Prothya’s Data Protection Officer (DPO) advises and informs Prothya on data protection, and monitors data protection compliance by Prothya. You can contact the Data Protection Officer at Prothya by sending an email to: firstname.lastname@example.org
Processing of personal data
Personal data are necessary to be able to guarantee safety and traceability when manufacturing medicines from plasma components. The data relates to processes before, during and after the manufacture, reports relating to side effects and also to clinical scientific research.
At Prothya, a valid reason is required in order to be allowed to process personal data. This reason is called a legal basis. The valid reasons/ legal bases which Prothya has for processing data are:
- performance of a contract;
- a legal obligation;
- legitimate interest of Prothya or a third party.
The valid reasons, or legal bases, which Prothya uses for special categories of personal data (such as data concerning health and genetic data) are:
- explicit consent;
- ensuring high standards of quality and safety of medical products;
- the necessity with regard to clinical research.
If Prothya processes your personal data for the purpose of the legitimate interests of Prothya or those of third parties, the processing will be preceded by carefully weighing up these interests against your right to privacy. Prothya takes all precautionary measures to protect your privacy and, where necessary, to prevent your interests from being conflicted. Prothya can supply more information on request about how the interests are weighed up.
Managing donations from which medicines can be manufactured
Prothya manages all donations that are received, in the various processes before, during and after the manufacture. This is in order to be able to guarantee the traceability and safety of the medicines to be manufactured. This is a legal obligation.
Managing the safety of produced and to be produced medicines
Prothya performs pharmacovigilance activities in order to track, assess, understand and – as much as possible – prevent side effects of medicines and problems relating to medicines. This involves processing personal data which Prothya obtains from patients and healthcare providers. Prothya provides only the legally required data to the authorities.
- legal obligation;
- performance of a contract.
Handling and dealing with complaints
Things do not always turn out as expected. Prothya registers complaints about products and services so that they can be dealt with as effectively as possible.
Although Prothya is not legally required to deal with certain complaints, it is in Prothya’s legitimate interest to do so anyway. Prothya’s interests are weighed up against those of the party or parties concerned.
Conducting, registering and reporting clinical research
Prothya conducts clinical research to investigate and ensure safety and efficacy of the medicinal products that Prothya manufactures. This is a legal obligation.
Maintaining a register of associates
Prothya maintains a register of associates with whom Prothya has an ongoing relationship or plan to start such relationship. In a central register, Prothya administers these contacts. Prothya processes the personal data on the basis of:
- a legal obligation;
- legitimate interest of Prothya or a third party.
Maintaining a register of staff
Prothya maintains a register of current and former staff, including registration of duty-related activities and permissions. Prothya processes the personal data on the basis of:
- a legal obligation.
Who can access your personal data?
Every Prothya employee who has permission to access personal data is obliged to observe secrecy. He or she must treat all of the data confidentially.
A Prothya employee only has access to the data that he or she needs for the fulfilment of his or her duties. For this reason, not all Prothya employees can access all personal data.
Prothya has taken measures to prevent unauthorized persons from accessing your personal data. For example, Prothya stores data on paper in locked rooms and electronic data is password protected.
Do you have access to your own personal data?
Do you have access to your own personal data?
Yes. If you want to find out whether Prothya holds your personal data, and if so, which data, you can submit a request for access, accompanied by copy of a valid identity document (passport, driver license, ID card), Prothya will ensure that you can access your data within one month after submitting your request. Of course, you will only be able to access your own data and nobody else’s data.
If you would like to come and access your data, two rules apply:
- You must make an appointment with Prothya in advance (if you request access in writing);
- You must provide proof of identity with a valid identity document (passport, driving licence or ID card).
If you wish, you can receive a hard copy of your personal data.
Would you like to have your personal data rectified or erased?
If you think that your data is incorrect or has been processed incorrectly, you can submit a request to rectify your data. You may also ask Prothya to erase your personal data. You must do this in writing and you must state the reasons for your request.
Your personal data is only erased in certain cases as prescribed by law. This may include cases in which your personal data is no longer needed for the purpose for which it was originally collected, and cases in which the data was unlawfully processed.
If Prothya agrees to your request, Prothya will erase your data or amend it so that it is no longer traceable back to you. Prothya will inform you about this in writing.
Can I transfer my personal data to another organisation?
The right to data portability only applies if you have supplied your personal data to Prothya based on consent or an agreement, and the processing of this data is performed automatically. Most processes carried out by Prothya are not based on this lawful basis.
Can I restrict or lodge an objection against the use of personal data?
As a data subject, you can lodge an objection against the use of personal data if Prothya processes your data on the basis of ‘legitimate interest’. Prothya will then stop using your personal data for this purpose, unless Prothya has mandatory legitimate grounds for the use of the data.
As a data subject, you can also restrict the use of your data for a certain purpose, which involves suspending the processing of your data for a certain period of time. Circumstances that may give cause for you to exercise this right include if:
- you dispute the accuracy of the data;
- the processing is unlawful and you do not want the data to be destroyed;
- you have lodged an objection and are awaiting a response from Prothya.