PharmaEssentia Corporation Privacy Policy

PharmaEssentia Corporation (“PharmaEssentia”) is firmly committed to and places the utmost importance on safeguarding your personal data and protecting your privacy rights. This Privacy Policy (“Policy”) sets forth our dedication to helping you to understand how PharmaEssentia collects, processes, uses, and safeguards your personal data

  • 1. Scope of Application

    1.1   This Policy applies to all personal data collected, processed, and used by PharmaEssentia, including the personal data collected by PharmaEssentia under the following circumstances:

    • The personal data provided by you when you use or access PharmaEssentia’s official website, or official webpages official web channels hosted by PharmaEssentia on third-party media platforms;
    • The personal data required by applicable laws or by the nature of the service when you use PharmaEssentia’s products or services; and
    • The personal data directly provided by you to PharmaEssentia through its branches, subsidiaries, suppliers, partners (including but not limited to business entities and governmental authorities), or affiliates engaged by or cooperating with PharmaEssentia, for the purpose of achieving specific purposes.

    1.2   This Policy does not apply to any entities not owned or controlled by PharmaEssentia, nor to personnel not employed or managed by PharmaEssentia. In particular, it does not apply to personal data you provide when logging into third-party platforms operated by PharmaEssentia, or any third-party websites linked from PharmaEssentia’s website.

  • 2. Categories of Personal Data Collected

    2.1   When you use PharmaEssentia’s products, receive its marketing or other services, or participate in its events, PharmaEssentia may collect personal data within the necessary scope as required by law or by the nature of the service. Depending on the nature of the interaction, the types of personal data may include your name, personal or professional contact information (e.g., telephone number, address, email address), job title (including department and organization), educational and professional background, industry, date of birth, national identification number and other personal data. If you provide personal data pertaining to others, you must ensure that you have obtained proper authorization and consent from the data subject and ensure the accuracy and lawfulness of such personal data.

    2.2   When using PharmaEssentia’s website, PharmaEssentia will automatically collect server log data from your browser, including but not limited to your Internet Protocol (IP) address, cookie data, access logs, time of use, browsing history, and clickstream data.

  • 3. Use of Personal Data

    3.1  PharmaEssentia may collect, process, and use your personal data for the following specific purposes in accordance with applicable laws:

    • To communicate with you through various means, including physical mail, email, telephone, fax, mobile notifications, or text messages;
    • To provide information related to our services or products, including but not limited to disease education, seminars, lectures, event updates, promotional materials, or business communications; and
    • To obtain your feedback on our services and events.

    3.2  PharmaEssentia will use your personal data only for the specific purposes for which it was collected and within the scope permitted by law. Your personal data will not be used for other purposes without your consent. Unless your prior consent has been obtained or as otherwise required by law, PharmaEssentia will not disclose your personal data to any third party.

    3.3  Where it is necessary to engage affiliates or third parties (e.g., logistics providers, payment processors, IT system providers, medical institutions, or government authorities) to assist in the provision of services involving the processing of personal data, PharmaEssentia will implement appropriate contractual and supervisory measures to ensure the security and confidentiality of your personal data.

  • 4. Data Protection Measures

    PharmaEssentia attaches paramount importance to the protection of personal data and adopts strict security measures to safeguard personal data. All networks, systems, software, and personnel involved in the collection, processing, or use of personal data fall under PharmaEssentia’s information security framework. Security measures include:

    • Segregated user accounts with non-shared credentials;
    • Access control ensuring only duly authorized personnel may process personal data;
    • Security technologies such as encryption, firewalls, data loss prevention (DLP), and endpoint detection and response (EDR) systems for intrusion detection and incident response.

    In addition, internal staffs shall receive regular trainings regarding data protection and confidentiality. Any employee who breaches confidentiality obligations shall be subject to disciplinary actions and legal liability.

  • 5. Data Sharing

    PharmaEssentia strictly prohibits the unauthorized sharing of your personal data with third-party vendors unless:

    • You have explicitly consented to such sharing; or
    • It is required by law or pursuant to a lawful order by a competent governmental authority.

    To protect your privacy and that of others, PharmaEssentia will not disclose personal data of third parties upon your inquiry.

  • 6. Use of Cookies

    PharmaEssentia’s website uses cookies to record and analyze user behavior to improve website functionality and optimize user experience. The data collected through cookies is used solely for statistical analysis to enhance PharmaEssentia’s website content, systems, products, and services.

  • 7. Your Rights to Your Personal Data

    To protect your rights and interests, you are entitled to exercise the following rights regarding your personal data:

    • Right to withdraw consent (Opt-out): You may withdraw your consent to the use of your personal data at any time, unless otherwise provided by law.
    • Right to object/consent (Opt-in): PharmaEssentia will only collect, process, or use your personal data for specific and legitimate purposes with your consent, unless otherwise required by law.
    • Right to access: Subject to applicable laws, you may request access to or copies of your personal data held by PharmaEssentia.
    • Right to rectification: Subject to applicable laws, you may request the correction or supplementation of your personal data if it is inaccurate or incomplete.
    • Right to erasure: Unless otherwise provided by law or a valid contractual relationship between you and PharmaEssentia remains in place, you may request the deletion of your personal data.
    • Right to data portability: As a highly regulated industry, PharmaEssentia will not transfer your data without your consent.

  • 8. Period of Data Retention

    PharmaEssentia will retain your personal data in accordance with its internal data retention policies and applicable laws, for the period necessary to fulfill legitimate and lawful business purpose.

  • 9. Secondary Use of Personal Data

    PharmaEssentia collects, processes, and uses your personal data strictly in accordance with the Personal Data Protection Act, and PharmaEssentia will continuously monitor and manage the status thereof. PharmaEssentia will not make any secondary use of the personal data we collected.

Standard Operating Procedure, SOP

Chapter
 Procedures Terms

Supplier Privacy Risk Management
  1. Due Diligence: Conduct privacy and security assessments on vendors that process personal data.
  2. Standard Contractual Clauses (SCCs): All vendor contracts must include a "Data Processing Addendum" (DPA) that clearly defines the scope of data processing, security obligations, and liability clauses for breach of contract.
  3. Periodic Audits: Conduct at least one privacy and security written survey or on-site inspection for core vendors annually.

Data Access & Authorization Procedure
  1. Principle of Least Privilege: Employees shall only be granted the data access rights necessary for their specific business functions.
  2. Access Review: Conduct an annual inventory of access permissions and promptly remove access rights for employees who have resigned or been reassigned.
  3. Password Management: Require periodic updates of strong passwords and enable Multi-Factor Authentication (MFA).

Privacy Breach & Disciplinary Procedure
  1. Classification and Grading: Define the severity levels of privacy incidents (e.g., minor data leaks, significant legal risks).
  2. Response Mechanism: In the event of a violation, the Information Security unit shall intervene, and disciplinary actions will be taken in accordance with the Employee Handbook.
  3. Notification Procedures: Establish an internal reporting mechanism and notify the competent authorities based on specific circumstances or legal requirements.

Internal Privacy Compliance Audit
  1. Audit Frequency: At least one internal privacy self-audit must be conducted annually.
  2. Audit Items: Inspect whether data collection exceeds its original intended purposes, verify that Cookie notices are up to date, and review access authorization lists, among other items.
  3. Corrective Measures: Regarding any deficiencies identified during the audit, a person in charge must be assigned to track the progress of improvements.

Data Subject Rights Request Procedure
  1. Reception Channel: Please contact the grievance mailboxes (e.g., hr@pharmaessentia.com, voice@pharmaessentia.com) responsible for handling applications related to privacy information.
  2. Identity Verification: The applicant's identity must be verified before processing any request to prevent unauthorized claims or fraudulent use of data.
  3. Processing Timeframe: The review, correction, or deletion process must be completed within 90 days from the date identity verification is finalized.

We use cookies to enhance your browsing experience and for web traffic statistics purposes. By using this website, you agree to our cookies technical support. Learn more, please refer to our PRIVACY AND COOKIES PLOICY. Privacy policy