Home > Privacy Policy

PRIVACY POLICY

1.       What is this document about?

This Privacy Policy stipulates how Servier Laboratories South Africa (Pty) Ltd (“SERVIER”)processes your personal information. This includes why we collect information about you, the type of information we collect, how we collect it, with whom we will share it, the security measures we use to protect the information, and how you may obtain access to and correct your information. You should read this Privacy Policy carefully.  Every provision is important and material. If something is unclear, please ask that it be explained to you.

 

2.       Explanation of Terms Used

“Personal information” has the meaning assigned in the applicable data protection law and includes the term “personal data”, where appropriate. It generally includes information relating to identifiable, living, natural persons. Under POPIA the term also includes information about identifiable, existing juristic persons. It includes information such as race, gender, age, health status, medical information, date of birth, identity number, contact details, and confidential correspondence.

  • “Processing” has the meaning assigned in the applicable data protection law. It generally refers to any operation or activity concerning personal information or data, such as the collection, receipt, recording, storage, updating, alteration, use, distribution, erasure, or destruction of the information or data.
  • “POPIA” means the Protection of Personal Information Act (Act 4 of 2013) and Regulations made in terms thereof.
  • “SERVIER / “we” / “us” means Servier Laboratories South Africa (Pty) Ltd.

  • “You” / “your” refers to the data subject (i.e. the individual or entity) whose personal information is processed by us.

3.       About SERVIER

SERVIER is a pharmaceutical company, registered as a private company under the Companies Act (Act 71 of 2008) of South Africa.  SERVIER forms part of an international pharmaceutical group of companies. Our parent company, Les Laboratoires Servier, is based in France. We manufacture and supply medicines across five therapeutic domains, namely cardiovascular and chronic venous diseases, oncology, neuropsychiatric disorders and internal medicine diseases such as diabetes.

Our contact details are as follows:

Physical and Postal Address:     Building J, 3rd Floor, Hertford Office Park, 90 Bekker Road, Vorna Valley, Midrand, Republic of South Africa (RSA).

Telephone:                                         +27 (0) 861 700 900

Email:                                                    info-za@servier.com

Website:                                               https://www.servier.co.za

4.       Information Officer

Name:                 Jayshree Rughoonandan

Email:                   privacy-za@servier.com

Telephone:         +27 (0) 861 700 900

5.       Our Commitment

Your privacy and the security of your information are important to us and we, therefore, want to make sure you understand how your information will be processed. We are committed to conducting our business in accordance with the law to ensure the integrity and confidentiality of your personal information is protected. We take this commitment to look after your personal information seriously. We have implemented several processes to make sure that your personal information is used correctly.  We will, therefore, only –

  • collect the necessary personal information;
  • use personal information for the purposes specified in this Privacy Policy unless you are advised otherwise or you provide us with consent;
  • keep personal information that we need for lawful purposes; and
  • share your personal information as specified in this Privacy Policy, permitted by law or as otherwise agreed with you.

6.       Processing of Information on behalf of Group Companies

We process personal information for, on behalf of and in terms of written agreements with group companies (i.e., other responsible parties), for example, for pharmacovigilance purposes, clinical trials, and interventional and non-interventional studies. You should refer to the relevant company’s privacy policy or related documentation, which is independent of this Privacy Policy, for further information about how they process personal information. You may also contact us for further information in this regard.

7.       When Providing Information about Others

You must ensure that if you provide us personal information about any individual or entity, you may lawfully do so (e.g., with consent). We will accept that you are acting lawfully.You should ensure that the persons (or entities) whose information is shared, understand how we will use and disclose their information. This is also set out in this Privacy Policy. 

8.       Purpose of Processing Your Personal Information

We generally process personal information for the following purposes:

  • to conduct our business and maintain our records;
  • for employment purposes;
  • to provide employee benefits;
  • to conclude, perform and enforce agreements;
  • to comply with regulatory requirements;
  • for the provision or procurement of products and services;
  • to communicate relevant business or product information, industry information and events;
  • for reporting to persons and bodies as required by law or authorised by you;
  • to engage with regulators, relevant public bodies and other stakeholders;
  • for clinical trial management;
  • for pharmacovigilance management;
  • for marketing and selling our products and services;
  • for determining market share;
  • for event management, thought leader databases, social media and e-services (such as e-conferencing);
  • for relationship management;
  • for monitoring of scientific medical liaison with healthcare professionals;
  • for continuing professional development (CPD)-related purposes;
  • for security of persons at any of our premises, which may include CCTV monitoring;
  • for management of access to our premises;
  • for enforcement of our rights including dealing with any litigation regarding our business;
  • for auditing purposes; and/or
  • for historical, statistical and research purposes;
  • for any other lawful purpose related to our business.

9.       Collection of Personal Information

General

We collect personal information about you which is necessary. We obtain personal information directly from you when

  • you become a director or employee of SERVIER;
  • provide information or services to us;
  • you supply personal information on our website;
  • you attend our events;
  • we procure products or services from you; or
  • during any regulatory reporting process.

We may collect personal information about you, which is publicly available. We may also collect personal information from other sources, when it is, for example, not possible to obtain the information directly from you or to protect your legitimate interests (such as ensuring your safety).

Candidates for Employment

We collect information about candidates for employment from personnel agencies, group companies and vetting agencies.

Healthcare Providers

We collect information about healthcare providers from their staff, Medpages, IQvia, professional societies, patients, wholesalers or when a regulator or another entity or person provides us with their information.

Patients

We collect information about patients from healthcare providers when required to comply with the law, for example, to report adverse events related to medicine usage and for Section 21-applications.

Children

We collect information about children of employees when our employee benefits also benefit the dependants of our employees. This will, for example, be to enrol the children as beneficiaries on the medical scheme and pension fund.

10.   Personal Information Processed

Several laws permit the processing of your personal information such as the Medicines and Related Substances Act (Act 101 of 1965), the Health Professions Act (Act 56 of 1974) and POPIA. Employment and labour laws permit the processing of employees’ information.

Directors:

We generally, process the following personal information about directors, as may be necessary, and retain it as part of our records:

  • Names and surnames, titles, identity numbers, contact details, physical and postal addresses, telephone numbers, nationalities, gender, race, qualifications, registered professions, registration numbers, CVs and photos;
  • Financial and payment information, including bank details; and
  • Correspondence.

Employees:

We generally, process the following personal information about employees, as may be necessary, and retain it as part of our records:

  • Names and surnames; titles; contact details; physical and postal addresses; telephone numbers; identification numbers; dates of birth; places of birth; age; race; gender; nationalities; home language and abilities in respect of other languages; marital status; qualifications; professions; employment history and information and CVs;
  • Positions held and job descriptions; bank details; relevant health and disability information; criminal records; employment-related information, including all information supplied on the employment contract and in supporting documentation, disciplinary-related information, leave records, absenteeism information, remuneration and employment benefits; tax numbers and related tax information; vetting reports; references; next-of-kin details; information on children and other dependants, as may be necessary; drivers’ licenses; GPS tracking information when using company cars; authorised drivers of company cars; traffic offences committed with company cars;
  • Occupations of partners and parents (voluntary); employment-related information of family members in the chemical, pharmaceutical or associated industries; leisure activities and memberships of, for example, clubs and societies; and
  • Correspondence.

Healthcare Practitioners:

We generally, process the following personal information about healthcare practitioners, as may be necessary, and retain it as part of our records:

  • Names and surnames, titles, identification numbers, contact details, physical and postal addresses, telephone numbers, nationalities, gender, race, qualifications, fellowships, disciplines, registered professions, registration numbers, academic institutions, specialisation and interests, CVs, photos, statutory council registration numbers, practice numbers and loyalty programme membership numbers when provided (for example, for airline bookings);
  • Country;
  • Agreements and supporting documents;
  • Financial and payment information, including bank details and VAT numbers;
  • Prescribing preferences;
  • Personal preferences such as dietary requirements for CPD events;
  • CPD event attendance and related documents and certificates;
  • Medical and scientific opinions; and
  • Correspondence.

Patients:

We generally, process the following personal information about patients, as may be necessary, and retain it as part of our records:

  • Names and surnames, titles, identity numbers, dates of birth, age, contact details, physical and postal addresses, telephone numbers, gender and contact details of next-of-kin (if relevant);
  • Relevant health information (e.g., diagnosis, treatment history, current treatment);
  • Adverse events related to medicine usage; and
  • Correspondence.

Employees’ Partners, Dependants and Next-of-Kin

We generally, process the following personal information about employees’ partners, dependants and next-of-kin, as may be necessary, and retain it as part of our records:

  • Names, surnames and contact details;
  • Information relevant to enrolment as beneficiaries of the medical scheme or pension fund;
  • Occupations of partners and parents (voluntary);
  • Drivers’ licenses (if they will co-drive company cars); and
  • Employment-related information of family members in the chemical, pharmaceutical or associated industries.

Suppliers, Service Providers and Other Persons and Bodies, including Healthcare Organisations:

We generally, process the following personal information about suppliers, service providers and other persons and bodies, as may be necessary, and retain it as part of our records:

  • Organisation names and contact details;
  • Market segment;
  • Country;
  • Names and surnames, titles and contact details of contact persons and relevant officials;
  • Broad-Based Black Economic Empowerment (BBBEE) status of suppliers;
  • Agreements and supporting documents;
  • Statutory documents;
  • Financial and payment information, including invoices and supporting documents, bank details, VAT numbers, and tax status (tax clearance certificates);
  • Official documentation, including newsletters and statements;
  • Market information; and
  • Engagement-related information and correspondence.

Visitors

We generally, process the names, surnames and contact details of visitors to our offices and retain them as part of our records.

We may collect and process other personal information of data subjects than what is stated above subject to the provisions of the law if it is required in the circumstances. We will inform you about such collection, as far as possible in the circumstances.

11.   Consent

Where you consent to the processing of your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for in the law. This may impact the services that you require from us. This will be discussed with you at the time, if it is necessary.

12.   Objection to Processing

When we process your personal information to protect your legitimate interests, based on the legitimate interests of SERVIER or those of a third party to whom we supply the information, or when we market products and services to you, you may object, if it is reasonable to do so in the circumstances. This must occur on a specific form, which is available at our offices and from the Information Officer. This does not affect your personal information that we have already processed. If you object and we agree with your objection, your personal information will only be processed as permitted by law.

13.   Sharing and Disclosure of Personal Information

We will share the personal information of data subjects in general with the following persons and entities if it is necessary and lawful in the circumstances:

  • Law enforcement and government agencies or other related third parties: From time to time, we may be required to provide personal information to regulatory bodies or other third parties to comply with a subpoena, court order, government investigation, legal or reporting obligation, or another legal process or to protect the rights, property or safety of our business, employees, patients, the public or others. If we disclose your personal information in this way, we will reasonably attempt to provide you with advance notice, unless we are prohibited from doing so;
  • Corporate transactions: If we become insolvent or are involved in a merger, acquisition, reorganisation, or sale of all or a portion of our business or assets, we may share or transfer your personal information as part of such corporate transaction;
  • Servier group companies for a legitimate purpose. All the Servier group companies are subject to binding corporate rules, which protect the confidentiality of your information;
  • Our staff as required for them to exercise their roles and functions;
  • Service providers to SERVIER (such as our IT service providers) who provide support services to us – only if it is necessary, subject to confidentiality undertakings and legislation protecting the privacy of your personal information; 
  • Our accountant and/or auditor;
  • Our professional advisers (including legal advisers); and
  • Our insurers, if required in the unlikely event of a claim.

Specific sharing of the personal information may include –

In respect of Directors:

  • Banks;
  • Travel agents; and
  • Other relevant persons and bodies such as funders and our clients.

In respect of Employees and their Dependants:

  • Employee benefits’ providers such as the company-supported medical scheme and the pension fund.

In respect of Healthcare Providers:

  • Travel agents;
  • CPD accreditation agencies;
  • Funders, if necessary and lawful;
  • Credit control bodies; and
  • Debt collectors.

Personal information of Patients:

  • Relevant healthcare practitioners.

14.   Social Networking Platforms

We use social networking platforms such as LinkedIn, X (formerly Twitter) and Facebook to communicate with stakeholders about our products and services. When you communicate with us through these services, the relevant social networking service may collect your personal information for its own purposes. These platforms have their own privacy policies. You should consult their privacy policies and documents for information about their privacy practices.

15.   Record-Keeping

We keep records of your personal information for as long as it is necessary for lawful purposes related to our business and in accordance with the law, including to provide services to you, comply with legal obligations, perform and enforce agreements, for historical, statistical and research purposes and as proof.

16.   Information Sent Across the Borders of the Republic of South Africa

We process, including store, your information on the systems of our parent company, hosted in France. France is subject to the General Data Protection Regulation (GDPR) in the European Union, which offers stringent protection for individuals’ personal information. All the Servier group companies have concluded binding corporate rules to provide further protection to all personal information processed by group companies. If we must provide your personal information to any other third party in another country, we will obtain your prior consent unless such information may be lawfully provided to that party.

17.   Security of Your Personal Information

We are committed to ensuring the security of your personal information to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. There are inherent risks in the electronic transfer (e.g., by email) and storage of personal information. We will take all reasonable steps to protect your information. We have implemented, and will continually review and update, information protection measures to ensure the security, integrity and confidentiality of your information following industry best practices. These measures include the physical securing of hard copy records; multi-factor authentication to access electronic records; encryption of information and devices and off-site data back-ups. In addition, only those employees and service providers who require access to your information to discharge their functions and to render services to us are granted access to your information. They must also sign agreements with us regarding the protection of your information. They may only use your information to render services to us. We will inform you and the Information Regulator if any person has unlawfully obtained access to your personal information, subject to the provisions of the law.

18.   Right to Access Personal Information

You have the right to request access to your personal information/records and the identities of the third parties to whom we supplied your information. Your right is not unlimited. The law imposes certain restrictions on this right. If you wish to exercise this right, you must complete a specific form, available at our offices and from the Information Officer. Costs may apply to your request. The Information Officer can provide you with further information. You should also consult our PAIA Manual, which is available on our website.

19.   Accuracy of Personal Information

We must always have accurate information about you on record as it could impact on communication with you, efficient services to you and the credibility of information that we share with regulators and other relevant persons. You must, therefore, inform us as soon as any of your information has changed. You may also request that we correct or delete any information. Such a request must be made in writing on a specific form, which is available at reception or from the Information Officer. You must provide sufficient detail to identify the information and the correction or deletion required. Information will only be corrected or deleted, if we agree that the information is incorrect or should be deleted. It may not be possible to delete any or all of the information if we may lawfully retain it. Please enquire with the Information Officer to discuss how we can assist you with your request. If we correct any information and the corrected information will impact any decision made or to be made about you, we will send the corrected information to persons to whom the information has been disclosed in the past, if they should be aware of the changed information.

20.   Marketing of Products and Services

We may occasionally inform you, electronically or otherwise, about our products, services and events that may be beneficial to you if you have provided consent unless the law permits us to do so. You may at any time withdraw your consent and/or opt-out from receiving such information.

21.   Changes to this Privacy Policy

We reserve the right in our sole and absolute discretion, to revise or supplement this Privacy Policy from time to time to reflect changes related to the processing of personal information or the law. We will publish the updated Privacy Policy on our website. It will also be available at our offices. Any revised version of the Policy will be effective as of the date of posting on the website, so you should always refer back to the website for the latest version of the Policy. It is your responsibility to make sure you are satisfied with any changes before continuing to use our products and services. If you have any questions concerning this Policy, please e-mail us at privacy-za@servier.com.   

22.   Enquiries and Concerns

All enquiries, requests or concerns regarding this Policy or relating to the processing of your personal information should be addressed to the Information Officer. You may also complain to the Information Regulator at POPIAcomplaints.IR@inforegulator.org.za (violation of personal information) or PAIAcomplaints.IR@inforegulator.org.za (access to record requests). We would appreciate it if you would allow us to consider your request or complaint before you approach the Information Regulator.

23.   Law Applicable to this Privacy Policy

This Privacy Policy is governed by the laws of the Republic of South Africa and is subject to the jurisdiction of the South African courts.