DeltaPV İlaç Danışmanlık Sağlık Ürün. ve Hiz. Tic. A.Ş. (“DeltaPV or the Company”) is a
contract pharmacovigilance services organization which provides pharmacovigilance services.
DeltaPV places importance on processing and protection of personal data in accordance with the laws. In this context, the Personal Data Protection and Processing Policy has been drawn up. The policy aims at informing all-natural persons whose personal data are processed by DeltaPV except for DeltaPV employees.
DeltaPV places importance on processing and protection of personal data in accordance with the laws and, in this context, aims at informing all-natural persons whose personal data are processed by DeltaPV with this Personal Data Protection and Processing Policy.
Unless otherwise stated, the Company acts as the data controller in the following personal data processing processes.
In cases where there is a conflict between the Turkish language in which the policy is prepared and any translation, the Turkish text should be taken into consideration.
Explicit Consent: Freely given, specific and informed consent.
Personal Data: All the information relating to an identified or identifiable natural person.
Processing of Personal Data: Any operation performed upon personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making retrievable, classification or preventing the use thereof, fully or partially through automated means, or through non-automated means provided that the process is a part of any data registry system.
Law: Law No. 6698 on the Protection of Personal Data.
Board: Personal Data Protection Board.
Authority: Personal Data Protection Authority.
Data Subject: Natural person, whose personal data are processed.
Data Controller “Data controller” refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data registry system.
Data Processor: “Data processor” refers to the natural or legal person who processes personal data on behalf of the data controller upon his/her authorization.
The definitions contained in the Law and secondary regulations shall apply with regard to the definitions not included herein.
When DeltaPV collect personal data directly from its websites, visitors, customers,
suppliers, business partners or employee candidates, often act as a data controller.
However, when personal data is collected from patients, reporters, consumers, healthcare professionals, DeltaPV usually acts as a data processor. DeltaPV’s customers, which are data controllers, can fulfill their obligations under the relevant pharmacovigilance and health legislation through Company, which acts as a data processor.
In cases where DeltaPV acts as a data processor under contracts with customers, processes personal data on behalf of the customers in order to fulfill pharmacovigilance services. In these cases, the data controller is the customers on behalf of which data are directly processed.
Where DeltaPV acts as a data processor, the customers determine the purposes and means of processing your personal data according to their legal obligations as a data controller and business requirements.
For example, in case of collecting data from reporters in adverse event reporting, DeltaPV acts as a data processor. The customer, who has rights on the medicine/product related to an adverse event reporting, decides a how to use data collected under an adverse event as the data controller.
3.1. Website Visitors
3.2. Employee Candidates
DeltaPV provides pharmacovigilance services for the pharmaceutical industry. In this context, job applications are received from website or career websites or directly from you. Personal data that you have submitted to DeltaPV for job applications are used only to conduct the employee candidate/intern selection and placement processes, to plan human resources processes and evaluate whether you have necessary qualifications for the relevant job.
3.3. Customer, Supplier and Business Partner Information
For the management of customer, supplier and business partner relationships and contracts, DeltaPV can use the name, surname and contact information of suppliers, business partners and customer employees. These data obtained are used to conclude or perform contracts with these persons, to fulfill legal obligations, to exercise, protect and establish a right or for the Company’s legitimate interests and are not shared with third parties except for these purposes.
In this context, your personal data can be processed to conduct financial and accounting works, conduct customer relations management processes, conduct contract processes, conduct communication activities, conduct audits/ethics activities, conduct product/service production and operations processes, conduct advertising/campaign/promotional processes, conduct training activities, plan and perform regulatory compliance and pharmacovigilance services processes, and provide information to authorized persons/institutions and organizations.
3.4. Visitor Logs
If you use the Internet service provided by DeltaPV, DeltaPV, as the party providing the Internet, should take necessary measures to prevent access to the contents, the subject of which constitutes a crime, and to keep access records relating to the use of Internet in accordance with the Law No. 5651 on Regulating Broadcasting in the Internet and Fighting Against Crimes Committed through Internet Broadcasting. Therefore, in cases where DeltaPV provides Internet access to you, your information such as MAC ID, IP number and logs related to your use of Internet are processed as part of legal obligations and retained for the legal period in accordance with the legislation.
Your logs are kept for the purpose of creating and managing the information technology infrastructure, providing information to authorized persons/institutions and organizations, creating and monitoring visitor records, conducting information security processes and conducting activities in accordance with the legislation.
3.5. Patients, Consumers, Reporters, Healthcare Professionals
DeltaPV enters into pharmacovigilance service contracts that require the processing of personal data related to the customers, patients and their medicines. In this context, data of special nature such as health data and other personal data may be processed. These data are usually the data that are clearly stipulated to be processed under adverse event reporting in the legislation.
Usually, the name, surname and contact information of healthcare professionals and reporters, who report adverse events, can be processed.
DeltaPV acts as a data processor for the personal data and processes as part of the provision of pharmacovigilance services to the customers. In this context, DeltaPV provides support to its customers for them to fulfill their legal obligations in the framework of pharmacovigilance legislation and guidelines on Good Pharmacovigilance Practices.
When doing so, the use of medicines, their side effects and their interactions with other medicines are monitored and authorized institutions and organizations are informed in this context. These data processing activities are carried out for the purposes of public health protection and preventive medicine.
In this context, DeltaPV usually processes your personal data for the purposes of planning and conducting pharmacovigilance service processes, carrying out activities in accordance with the legislation, conducting audits/ethics activities, monitoring requests/complaints, providing information to authorized persons/institutions and organizations, conducting communication activities, protecting public health and performing activities of preventive medicine.
DeltaPV processes your personal data in accordance with the principles stated below:
Under Article 10 of the Law, when collecting personal data, the data controller or the person authorized by the data controller is obliged to inform the data subjects about the following:
DeltaPV has prepared this Policy within the scope of this obligation, and for data processing activities for which it acts as the data controller, it provides further information to the data subjects persons through information forms containing the above information. Within this scope, in case that the personal information is not collected from the data subject, DeltaPV fulfills its obligation to inform the data subject as follows:
On the other hand, in cases that DeltaPV acts as the data processor, the primary responsibility for the obligation specified in the Law is on the data controllers. The obligation to inform the data subjects especially within the scope of the provision of pharmacovigilance services is therefore on the clients of DeltaPV who are data controllers.
6.1. Personal Data not Being of Special Nature
DeltaPV may process your personal data other than personal data being of special nature based on one or more of the following legal grounds:
6.2. Personal Data of Special Nature
Personal data of special nature are your data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and biometric and genetic data.
Your data of special nature may be processed, especially health data, in order to provide pharmacovigilance services. However, you may sometimes need to provide DeltaPV your data of special nature such as your health data pursuant to the legislation in order to assess your eligibility for job as part of your job application. In such cases, the legal grounds on which based in relation to your personal data of special nature are as follows:
DeltaPV processes the personal data you have shared with it by taking adequate measures as determined by the Board. If the said legal grounds are not met, DeltaPV processes your data upon obtaining your explicit consent. You can always withdraw your explicit consent you have given to us.
Your personal data may be transferred at home and abroad for the purposes specified in the
Policy in accordance with the Law and the rules determined by the Board. DeltaPV may
transfer your personal data to the customers and business partners such as DeltaMed and
marketing authorization holders, to suppliers to carry on activities, to authorized public
institutions and organizations and third parties, based on one or more of the legal grounds
mentioned in Section 6 of this Policy.
Since DeltaPV is a Company operating as a pharmacovigilance service provider, may sometimes need to share your personal data to medicine license/marketing authorization holders, third parties with which medicine license/marketing authorization holders enter into a contract, licensors or global head office of medicine license/marketing authorization holders, and Turkish Medicines and Medical Devices Agency (“TMMDA”) in order to perform services or legal obligations hereunder. In cases where such medicine license/marketing authorization holders and/or related third parties are located abroad, DeltaPV shares your personal data with them in accordance with the Law and criteria determined by the Board. Where necessary, it obtains commitments and necessary approvals from the Board in relation to the sharing of personal data.
DeltaPV takes a number of necessary technical and administrative measures to prevent the unlawful processing of and unlawful access to your personal data and to ensure that these data are retained securely. Also, in the event that your personal data are transferred to third parties under a business relationship, DeltaPV regulate issues relating to the sharing with necessary means to ensure the security of your personal data. The administrative and technical measures are primarily taken hereunder are as follows:
In addition to the above mentioned technical and administrative measures, the following measures are taken in accordance with the Decision No. 2018/10 dated 31.01.2018 of the Personal Data Protection Board (“Decision”) in relation to data of special nature that DeltaPV processes while performing its services as a pharmacovigilance service provider:
Despite being legally processed, your personal data are erased, destroyed or anonymized in
accordance with the retention and destruction policy prepared by DeltaPV if the reasons that
require the processing thereof disappear.
DeltaPV fulfills the said liability in compliance with the provisions of the Regulation on Deletion, Destruction or Anonymization of Personal Data (published in the Official Gazette on 28 October 2017 with no. 30224) as well as the Board’s Guideline on Deletion, Destruction or Anonymization of Personal Data
Deletion of personal data is the process of making personal data inaccessible and irrevocable for Related Users.
For deleting personal data, personal data to be deleted are established first, followed by the identification of related users for each personal data by using the personal data access / authorization matrix. The deletion of personal data is finalized by removing the rights and authorities of related users to access, recover and re-use personal data.
The destruction of personal data is the process of making personal data inaccessible, irreversible and non-reusable for anyone Anonymization of personal data means disabling the personal data to be associated with a specific or identifiable real person, even if personal data are matched / paired with other data.
DeltaPV takes all required technical and administrative measures for the deletion, destruction or anonymization of your personal data.
You may submit your rights regarding your personal data to DeltaPV by filling in the “Data Subject Application Form” on website (https://www.deltapv.com/). It will be responded to your requests as soon as possible and within a maximum of 30 days.