Alfred Gera & Sons Limited: Privacy Notice

Introduction

Welcome to Alfred Gera & Sons Limited’s dedicated privacy notice for customer and patient complaints/reports.

Ensuring customer satisfaction and patient safety is of utmost importance to us and our business.

As an authorized distributor of medicinal products, Alfred Gera & Sons Limited (C 120) of 10, Triq il-Masgar, Qormi, Malta (“AGS”; “we”; “us”; “our”) carries out safety monitoring and pharmacovigilance reporting activities. We are legally and contractually required to report any adverse events communicated to us to the relevant public authorities and agencies, such as the European Medicines Agency (EMA) and the Maltese Medicines Authority (MA), as well as to the product manufacturer. We also maintain records of complaints, adverse events, and other incidents reported to us by customers, patients, healthcare professionals (HCPs), and other individuals regarding the products we distribute (our “Activities”).

This privacy notice (the “Notice”) explains how we may collect and process your personal data in connection with our Activities. It provides information on:

  • What personal data we may collect about you
  • How we handle your personal data
  • Our legal obligations for data protection
  • Your privacy rights as a data subject
  • How the law protects you

We operate and control the following website: https://www.alfredgera.com/2020/ (the “Website” or the “Site”).

For definitions of certain terms used in this Notice, please refer to Section 2.

1. Important Information and Who We Are

Purpose of this Notice

Your trust and privacy are important to us, and we are committed to protecting your personal data.

We process your personal data lawfully and appropriately, in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta) (the “Act”) and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

This Notice applies to all individuals (customers, patients, or HCPs acting on behalf of a patient) who make or submit a complaint, inquiry, or report to us, regardless of how they communicate with us (phone, email, fax, or through our website).

Please read this Notice together with any other privacy notice or policy we provide on specific occasions when collecting or processing your data.

Controller

AGS is the data controller, meaning we are responsible for your personal data.

We have appointed a Data Protection Contact Point (DPCP) to oversee data protection matters. If you have any questions or wish to exercise your legal rights (see Section 9), please contact our DPCP using the details below.

Contact Details
  • Company Name: Alfred Gera & Sons Limited (C 120)
  • Email: pv@alfredgera.com
  • Address: 10, Triq il-Masgar, Qormi QRM3217, Malta
  • Phone: +356 2144 6205
Changes to the Notice and Your Duty to Inform Us of Changes

We regularly review our Privacy Notice. If we make updates, we will notify you accordingly.

2. Key Definitions

Below are key terms used in this Notice:

  • Adverse event – An unintended response to a medicinal product distributed by AGS.
  • Consent form – A document requesting explicit consent for processing data not covered by this Notice.
  • Data subject – A living individual whose personal data we collect and process.
  • Data controller – The entity responsible for determining the purpose and manner of processing personal data.
  • Data processor – A third party that processes data on behalf of AGS.
  • Personal data – Any information that identifies an individual, including name, contact details, ID number, etc.
  • Processing – Any operation performed on personal data, including collection, storage, and sharing.
  • Sensitive personal data – Includes information on racial or ethnic origin, political opinions, health data, etc.

3. Reporting on Behalf of a Third Party

If you report an adverse event concerning another individual, you must obtain their consent before sharing their personal data with us. You must also inform them about this Notice so they are aware of how their data may be used.

4. Data We Collect

We collect personal data when:

  • You submit an inquiry
  • You make a complaint
  • You report an adverse event related to a product we distribute

We collect:

  • For reporters: Name, surname, contact number, email, profession, details about the adverse event, and relationship to the affected individual.
  • For subjects of an adverse event report: Name, age, date of birth, gender, weight, height, product details, dosage, event details, and related documents.

We remove identifiers whenever possible before onward reporting to authorities such as the EMA and MA or the product manufacturer.

5. Purpose and Legal Basis for Processing Data

We process personal data for:

  • Reporting adverse events to manufacturers and public agencies
  • Complying with legal obligations
  • Protecting public health and safety

We rely on the following legal bases under GDPR:

  • Compliance with a legal obligation (Article 6(1)(c))
  • Protection of vital interests (Article 6(1)(d))
  • Legitimate interests (Article 6(1)(f))

For sensitive data, we rely on:

  • Public interest in health and safety (Article 9(2)(i))
  • Preventive or occupational medicine (Article 9(2)(h))

6. Sharing Your Data

We may share personal data with:

  • Healthcare authorities and regulatory bodies (e.g., EMA, MA)
  • Product manufacturers
  • Consultants and professional advisors
  • Third-party IT service providers

We require third parties to follow strict security measures when processing data on our behalf.

7. International Transfers

If we transfer personal data outside the EEA, we ensure:

  • The recipient country has adequate protection under EU law.
  • We use EU-approved standard contractual clauses for data transfer.

For details on specific safeguards, contact us.

8. Data Security

We implement security measures to prevent unauthorized access, alteration, or disclosure of your personal data. Employees who process personal data are bound by confidentiality agreements.

9. Retention Period

We retain pharmacovigilance-related data for at least 10 years after a product is removed from the market as required by law.

10. Cookies

Our websites uses cookies. For details, refer to our Cookie Policy.

11. Your Rights Under GDPR

You have the right to:

  1. Access your personal data
  2. Correct inaccurate data
  3. Request erasure of data under certain conditions
  4. Object to data processing
  5. Restrict processing
  6. Request data transfer (portability)
  7. Withdraw consent (where applicable)

To exercise your rights, email pv@alfredgera.com.

12. Complaints

If you have concerns about data processing, you may contact Malta’s Information and Data Protection Commissioner (IDPC) at https://idpc.org.mt/en.

13. Conclusion

We may update this Notice in the future. For any questions, please contact us.