Privacy Policy - IPEC Federation

Privacy

Introduction

The International Pharmaceutical Excipients Council Federation (henceforth referred to as IPEC Federation) is committed to promoting the best use of excipients in medicines, developing global quality standards and improving the safety of excipients.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

The rules on processing of personal data are set out in the General Data Protection Regulation EU 2016/679 (henceforth the GDPR).

 

  • Definition

Data controller:            A controller determines the purposes and means of processing personal data.

Data processor:           A processor is responsible for processing personal data on behalf of a controller.

Data subject:                Natural person.

Categories of data:      Personal data and special categories of personal data.

Personal data:             The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (Article 6 of GDPR). For example name, mobile number, or email address. Online identifiers include IP addresses and cookies.

Processing:                 It means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Member:                      It means the representatives of the company members of IPEC Federation, the natural person who are co-opted member, the representatives of the organisation associated to IPEC Federation.

Third party:                 It means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

  • Data controller

IPEC Federation is the data controller. We are committed to safeguarding the privacy of our members, non-members, collaborators, and our website visitors. As such, we determine the purposes and means of the processing of personal data. This means IPEC Federation decide how your personal data is processed and for what purposes.

For all data matters, please contact us at privacy@ipec-federation.org in the first instance.

 

  • The purpose(s) of processing your personal data

We use your personal data for the following purposes:

Members: § To inform you on IPEC Federation key activities including but not limited to introducing new IPEC Federation members, updating you on IPEC Federation Committees activities;

§ To send you relevant regulatory updates and development;

§ To announce upcoming events, such as conferences, webinars, trainings, etc.;

§ To send you IPEC Federation news and updates ;

§ To contact the relevant representative about your company member’s ongoing relationship with IPEC Federation including membership fee invoice, representative data update;

§ To offer you promotional opportunities for your company as appropriate, such as sponsorship opportunities, media appearances; and

§ To seek your opinion on IPEC Federation activities, or projects through polls, surveys or other.
Non-members: § To announce upcoming events, such as conferences, webinars, trainings, etc.;

§ To send you IPEC Federation news and updates ;

§ To offer you promotional opportunities for your company as appropriate, such as sponsorship opportunities, media appearances; and

§ To seek your opinion on IPEC Federation activities, or projects through polls, surveys or other.
  • The categories of personal data concerned

With reference to the categories of personal data described in the definitions section, the amount of data we hold varies depending upon the data subject and the time and date at which it was acquired. At most, we process the following categories of your data:

Members: § Title;

§ First Name & Last Name;

§ Work address;

§ Home address (if supplied);

§ Work email address;

§ Private email address (if supplied);

§ Job title;

§ Telephone number;

§ Mobile telephone number;

§ IPEC Federation events, webinars and trainings you have attended;

§ Positions you may hold or previously have held within IPEC Federation such as Board Member; and

§ Your professional area of interest.

 
Non-members: § Title;

§ First Name & Last Name;

§ Work address;

§ Work email address;

§ Job title;

§ Telephone number;

§ Mobile telephone number;

§ IPEC Federation events, webinars and trainings you have attended; and

§ Your professional area of interest.

 

Your personal data was obtained via one or more of the followings:

Members: § You provided it directly to us when your company became an IPEC Federation member;

§ Your provided it via the IPEC Federation website when your registered to the IPEC Federation newsletter or downloaded an IPEC publication and gave your explicit consent to be contacted in the future by IPEC Federation;

§ It was provided directly to us by a company colleague as a contact we could approach on particular matters relating to IPEC Federation’s activities; and

§ You attended or registered interest or took part in some other way in an IPEC Federation event, webinar, training and provided explicit consent to be contacted in the future by IPEC Federation.
Non-members: § Your provided it via the IPEC Federation website when your registered to the IPEC Federation newsletter or downloaded an IPEC publication and gave your explicit consent to be contacted in the future by IPEC Federation; and

§ You attended or registered interest or took part in some other way in an IPEC Federation event, webinar, training and provided explicit consent to be contacted in the future by IPEC Federation.
  • Legal basis for processing your personal data?

IPEC Federation has your explicit consent as a data subject according to our records. For company members, IPEC Federation will fulfil its contractual duties and otherwise as a membership association.

 

  • Sharing your personal data

Your personal data will be treated as strictly confidential; and relevant information will be shared only with:

  • IPEC Federation’s website and IT service providers as appropriate and required to ensure the good communication within IPEC Federation’s membership and third parties;
  • IPEC Federation’s mass mailout service provider; which needs to hold email addresses, preferences and unsubscribe data to function effectively and legally; and
  • Other data may be held for a period of time within other service providers to IPEC Federation; such as online forms or event registration sites; so that it may be migrated to the IPEC Federation’s CRM at suitable intervals or as necessary.

 

  • Retention of data

We keep your personal data for no longer than reasonably necessary and we only retain your data for the following purposes and use the following criteria to determine how long to retain your personal data:

  • Whether consent has been given;
  • Whether the company you work for is a member; pending member or potential member of IPEC Federation; and
  • Whether a record of your interactions with IPEC Federation is necessary in order for IPEC Federation to continue to efficiently perform its core duties and activities as a membership organisation.

 

  • Your rights and your personal data

Unless subject to an exemption under the GDPR; you have the following rights with respect to your personal data:

  • To request a copy of the personal data that we hold about you;
  • To request that we correct any personal data if it is found to be inaccurate or out of date;
  • To request your personal data is erased where it is no longer necessary to retain such data;
  • To withdraw your consent to the processing at any time; giving IPEC Federation a reasonable amount of time to action that request. In cases where consent was not the sole lawful basis upon which IPEC Federation was processing your personal data; we may contact you to establish an alternative point of contact for your company or organisation; if reasonably required by IPEC Federation in order to fulfil its duties;
  • Where there is a dispute in relation to the accuracy or processing of your personal data; to request a restriction is placed on further processing; and
  • To object to the processing of personal data (i.e. where processing is based on legitimate interests; direct marketing or processing for the purposes of research and statistics).

 

  • Transfer of data abroad

If any data is held by service providers to IPEC Federation (see section 6) for any reason; it may be held abroad. As data controller; IPEC Federation takes reasonable steps to ensure that any service providers that hold personal data that was submitted To IPEC Federation comply with GDPR regulations.

  • Further processing

If we wish to use your personal data for a new purpose not covered by this Privacy Policy; then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

  • Changes to our privacy policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and; where appropriate; notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

  • How to make a complaint

To exercise all relevant rights; queries or complaints; please contact: privacy@ipec-federation.org