1. GENERAL WARNING

 1.1          European Healthcare Distribution Association / Groupement International de la Répartition Pharmaceutique (hereinafter, « GIRP ») respects the privacy of its users (hereinafter, the “Users“).

 1.2          GIRP processes the personal data transmitted to it in accordance with the legislation in force, and, in particular, Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, applicable from 25 May 2018 (hereinafter the “General Data Protection Regulation“).

 1.3          Access to the website http://girp.eu/ (hereinafter, the “Website”) implies the User’s full understanding of this Privacy Policy (hereinafter the “Policy”) as well as the acceptance of the cookie policy (hereinafter, the “Cookie Policy”) and the general terms of use (hereinafter the “Terms”).

1.4          The User acknowledges having read the information below regarding GIRP process, in accordance with the provisions of the Policy, of the personal data that he/she communicates on GIRP on its Website (hereinafter, the “Service“).

 1.5          The Policy is valid for all pages hosted on the Website and for the registrations of this Website, as well as all company pages managed by GIRP on social networks, who is jointly responsible with the social network for the processing of data of visitors to the page. It is not valid for the pages hosted by third parties to which GIRP may refer and whose privacy policies may differ. GIRP cannot therefore be held responsible for any data processed on these Websites or by them.

  1. DATA CONTROLLER AND DATA PROTECTION OFFICER

2.1          Simply visiting the Website shall take place without requiring you to manually provide any personal data, such as first name, surname, postal address, e-mail address, etc.

2.2          As part of the Service, the User may be required to provide certain personal data. In this case, the data controller is:

GIRP

Rue de la Loi 26, 10th floor, box 14

B – 1040 Brussels

Belgium

Belgian business registry (BCE) number: 0464.770.352.

privacy@girp.eu

2.3          Any question regarding the processing of this data may be sent to the following address:

privacy@girp.eu

  1. DATA COLLECTED

3.1          By using the Website, the User understands that GIRP records and stores, for the purposes mentioned in point 4, the following information:

      • your identifying information (surname, first name, e-mail address, telephone number, postal address, date of birth and country);
      • our communications (by email or other);
      • If applicable: date of your participation at an even.
      • The User also acknowledges that GIRP records and stores the following data for the purposes mentioned in point 4:
      • information voluntarily provided by the User for a purpose specified in the Policy, the Terms, the Cookie Policy, on the Website or on any other instrument of communication used by GIRP
      • additional information requested by GIRP to the User in order to identify him or to prevent him from violating any of the provisions of the Policy.

3.3          In order to facilitate browsing the Website as well as to optimize technical management, the Website may use “cookies”. These “cookies” record, in particular:

      • the User’s browsing preferences;
      • the date and time of access to the Website and other data related to traffic;
      • the pages visited.

All information relating to “cookies” is included in GIRP’s Cookie Policy.

3.4          When the User accesses the Website, the servers consulted automatically record certain data, such as:

      • the type of domain with which the User connects to the Internet;

3.5          No nominative data directly identifying the User is collected through the cookies and servers consulted. This information is kept for statistical purposes only and to improve the Website.

  1. PURPOSES OF PROCESSING THE DATA

4.1          We process your data for various purposes. For each purpose, only the data relevant to the pursuit of the purpose in question are processed. The processing consists of any operation (manual or automated) on a personal data. GIRP collects, stores and uses its Users’ data for the following purposes, in particular:

      • to establish, carry out and conduct the relationship with the User;
      • to analyse, adapt and improve the content of the Website;
      • to provide the information regarding GIRP;
      • to respond to the User’s inquiry about GIRP;
      • to develop our business and build a better understanding of what our Users’ needs in the field of medicine distribution;
      • formulates, ensures, promotes and defends opinions and measures relative to the scope of GIRP activities at national, European and international level;
      • provides and exchanges data on scientific research, information and services related to the activities of its members;
      • establish statistics regarding medicine distribution;
      • to enable you to register and participate to one of our events;
      • to allow the User to receive messages;
      • to facilitate the availability and use of the Website;
      • to personalize the User’s experience on the Website;
      • to respond to requests for information;
      • for any communication activities and promotions of GIRP’s activities to Users who have given their consent;
      • to inform them about any changes on the Website and its features;
      • for any other purpose to which the User has expressly consented.

4.2          The legal basis of the processing of your personal data is based on:

– ☒your consent;

– ☒the execution of any request from you;

We do need to collect some of your data to answer any request from you. If you choose not to share this data with us, it may render the performance of the contract impossible.

– ☐ a legal obligation imposed on the controller;

We do need to collect and store some of your data to meet various legal requirements, including tax and accounting.

– ☐ the protection of vital interests;

– ☐ for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or

– ☒ our legitimate interest, provided that it is in accordance with your interests, freedoms and fundamental rights.

We have a legitimate interest in providing you with this information and interacting with you, especially to respond to your requests or improve our services, prevent abuse and fraud, control the regularity of our operations, exercise, defend and preserve our rights, for example in litigation, as well as evidence of a possible violation of our rights, manage and improve our relations with you, continually improve our Website and our products/services, unless such interests are supplanted by your interests or your fundamental rights and freedoms requiring the protection of your personal data. We take care in any GIRP to maintain a proportionate balance between our legitimate interest and respect for your privacy.

If the legal basis of our treatment is your consent, you have the right to withdraw it at any time without prejudice to the lawfulness of the processing performed prior to withdrawal.

When you receive information in the context of direct communications, this means that you can unsubscribe at any time from newsletters and other commercial communications from us (e.g. invitations to GIRP events). You will be put in “opt-out”. You can unsubscribe by sending us an email at the following address: privacy@girp.eu. Please note that it may take up to 5 working days to process your opt out request.

  1. RIGHTS OF THE DATA SUBJECT

5.1          According to the regulations on the processing of personal data, the User has the following rights:

      • Right to be informed about the purposes of the processing (see above) and the identity of the data controller.
      • Right of access: the User may at any time have access to the data that GIRP has on him or check if it is included in the database of GIRP.
      • Right to rectification: we take all reasonable steps to ensure that the data we hold is up to date. We encourage you from time to time to access your account (if applicable) or to consult us to check that your data is up to date. If you find that your data is inaccurate or incomplete, you have the right to ask us to correct it.
      • Right to object: the User may, at any time, object to the use of his data by GIRP and by other GIRP State members .
      • Right to erasure: the user may, at any time request the deletion of his personal data, except those which GIRP has a legal obligation to keep on record.
      • Right of limitation of processing: the User may, in particular, obtain a limitation of processing when he has objected to the processing, when he disputes the accuracy of the data, or when he considers that the processing is illegal.
      • Right of portability: The User has the right to receive the personal data that he has communicated to GIRP and may also ask said company to send this data to another data controller.

5.2          In order to exercise his rights, the User sends a written request, accompanied by a copy of his

identity card or his passport, to the data controller:

5.3          GIRP will then take the necessary steps to satisfy this request as soon as possible and in any GIRP within one month of receipt of the application. If necessary, this period can be extended by two months, given the complexity and the number of requests.

  1. PERIODE OF STORAGE

6.1          GIRP will keep the personal data of its Users for the duration necessary to achieve the objectives pursued (see point 4)

6.2          GIRP may also continue to keep personal data concerning the User, including all correspondence or request for assistance sent to GIRP in order to be in a position to reply to all questions or complaints that may be sent to it or after an event organized by GIRP, and in order to comply with all applicable laws, namely in tax matters or as part of other legal requirements. Once this goal is achieved, we either delete or anonymize.

  1. COMPLAINT WITH THE SUPERVISORY AUTHORITY

7.1          The User is informed that he has the right to lodge a complaint with the Data Protection Authority:

Data Protection Authority
Rue de la Presse 35, 1000 Brussels

Tel: +32 (0)2 274 48 00

Fax: +32 (0)2 274 48 35
contact@apd-gba.be

  1. SECURITY

8.1          In addition, GIRP has taken the appropriate organizational and technical measures to ensure a level of security adapted to the risk and that, to the extent possible, the servers hosting the personal data processed prevent:

      • unauthorized access to or modification of this data;
      • improper use or disclosure of such data;
      • unlawful destruction or accidental loss of such data.

8.2          In this respect, employees of GIRP and GIRP members who have access to this data are subject to a strict confidentiality obligation. Nevertheless, GIRP may in no way be held liable in the event that this data is stolen or hijacked by a third party despite the security measures adopted.

8.3          Users undertake not to commit acts that may be contrary to this Policy, the Terms, the Cookie Policy or, in general, the law. Violations of confidentiality, integrity and availability of information systems and data which are stored, processed or transmitted by these systems, or the attempt to commit one of these violations, shall be punishable by imprisonment of between three months and five years and a fine of between twenty-six euros and two hundred thousand euros, or one of these penalties only.

  1. COMMUNICATION TO THIRD PARTIES

9.1          GIRP treats personal data as confidential information. It will not communicate them to third parties under any condition other than those specified in the Policy, such as to achieve the objectives set out and defined in point 4, or under the conditions in which the law requires it to do so.

9.2.         Upon your approval and if deemed necessary, we share your personal information with GIRP members (you have the choice identify which states), all of which provide the same high level of security and protection. When sharing information outside GIRP and with your direct permission (e.g. consulate, embassy, 3rd parties in professional services), we make sure that your information is protected as far as reasonably possible.

9.3          GIRP may communicate its Users’ personal information to third parties to the extent that such information is necessary for the to provide its Users with the Website or answer Users requests. In such GIRP, these third parties will not communicate this information to other third parties, except in one of the two following situations:

      • the communication of this information by such third parties to their suppliers or subcontractors to the extent necessary for the performance of the contract;
      • where such third parties are obliged by the regulations in force to communicate certain information or documents to the competent authorities in the field of combating money laundering, as well as, in general, to any competent public authority.

9.4          The communication of this information to the aforementioned persons shall, in all circumstances, be limited to what is strictly necessary or required by the applicable regulations.

9.5          We do not sell any data

  1. TRANSFER TO A COUNTRY OUTSIDE OF THE EUROPEAN ECONOMIC AREA

10.1        GIRP transfers data to a country outside the European Economic Area only when that country ensures an adequate level of protection within the meaning of the legislation in force and, in particular, within the meaning of the General Data Protection Regulation (for more information on the countries offering an adequate level of protection, see: https://goo.gl/1eWt1V), or within the limits permitted by the legislation in force, for example by ensuring the protection of data by appropriate contractual provisions.

10.2        The information processed by GIRP will be transferred or transmitted, or stored and processed, to our members in the  EU, EEA, EFTA countries, the United States and Canada. These data transfers are based on our legitimate interest to share our list of members within the organisation. We use standard contractual clauses approved by the European Commission and we rely on the European Commission’s adequacy decisions concerning certain countries, where appropriate, for data transfers from the European Economic Area. If you have any questions in this regard, do not hesitate to contact us at the following address: privacy@girp.eu

  1. DIRECT COMMUNICATION

11.1       We only use your email address to send you information about GIRP and our activities.

11.2        Based on our legitimate interest based on our existing relationship, we will subscribe you to our newsletter and provide you with information that may interest you. You can unsubscribe from these communications at any time by sending an email to the following address: privacy@girp.eu

  1. NOTE CONCERNING MINORS

Persons under the age of 18 and persons who do not have full legal capacity are not allowed to use the Website. GIRP asks them not to provide their personal data. Any infringement found in this provision must be reported without delay to the following address privacy@girp.eu

  1. UPDATES AND CHANGES TO THE POLICY

By informing Users through the Website or email, GIRP may modify and adapt the Policy, in particular to comply with any new legislation and/or regulations applicable (such as the General Data Protection Regulation), the recommendations of the Belgian Data Protection Authority, the guidelines, recommendations and best practices of the European Data Protection Board and the decisions of the courts and tribunals on this issue.

  1. VALIDITY OF THE CONTRACTUAL CLAUSES

14.1        Failure by GIRP to invoke – at any given time – a provision of this Policy, may not be interpreted as a waiver to subsequently make use of its rights under the said provision.

14.2        The invalidity, expiration or the unenforceable nature of all or part of one of the above or below mentioned provisions shall not give rise to the invalidity of all the Policy. Any fully or partially invalid, lapsed or unenforceable provision shall be deemed not to have been written. GIRP undertakes to substitute this provision with another which, to the extent possible, fulfils the same objective.

  1. APPLICABLE LAW AND COMPETENT COURT

15.1        The validity, interpretation and/or implementation of the Policy are subject to Belgian law, to the extent permitted by the provisions of applicable private international law.

15.2        In the event of a dispute relating to the validity, interpretation or implementation of the Policy, the courts and tribunals of Brussels have exclusive jurisdiction, to the extent permitted by the provisions of applicable private international law.

15.3        Before taking any step towards the judicial resolution of a dispute, the User and GIRP undertake to attempt to resolve it amicably. To this end, they shall first contact each other before resorting, where appropriate, to mediation, arbitration, or any other alternative method of dispute resolution.