BFC PRIVACY STATEMENT

    This privacy policy applies to data processing at:

    Baggerman Farma Consult BV (hereinafter: BFC)
    Barrierweg 3-G
    5622CL Eindhoven
    The Netherlands
    Email: office@bfc.nl, Phone: +31 (0)40 2453611

    BFC is responsible for the processing of personal data as shown in this privacy statement, in line with the General Data Protection Regulation, also known as the GDPR or EU Regulation 2016/679.

    BFC cares about your privacy. We therefore only process data that we need for (improving) our services and carefully handle the information we have collected about you. We never make your data available to third parties for commercial purposes.

    This privacy policy describes what information about you is collected by us, what this data is used for and with whom and under what conditions this data can possibly be shared with third parties. We also explain to you how we store your data and how we protect your data against misuse and what rights you have with regard to the personal data you provide us.

    The starting date for the validity of these conditions is 01 November 2019. With the publication of a new version the validity of all previous versions is cancelled.

    If you have questions regarding this policy or about the privacy practices of BFC or you wish to exercise your privacy rights under the GDPR, please contact us at: office@bfc.nl or tel. +31(0)40 2453611.

    Personal data that we process and its purpose

    ‘Personal data’ means any information relating to an identified or identifiable natural person. Where BFC collects personal data directly from visitors to this website, job applicants, its customers and suppliers we act as a controller. Where we collect data from patients, caregivers and medica professionals we act as a processor. As a controller we inform data subjects about the purpose for which we collect and use their personal data with this policy. Where we are a processor, we work with our customers to help them provide notice to their patients, caregivers and medical professionals concerning the purpose for which personal data is collected via our customers.

    Visitors of our website

    We only use your data for the benefit of our services. This means that the purpose of the processing is always directly related to the assignment you provide. We do not use your data for (targeted) marketing. Your information will not be shared with third parties, other than to comply with accounting and other administrative obligations. These third parties have all been kept confidential and pledged themselves to keep your data confidential based on the agreement between them and us or an oath or legal obligation

    Data that is automatically collected by our website is processed with the aim of further improving our services. Where appropriate, BFC can be held, based on a legal obligation, to share your data in connection with governmental or government criminal investigation. In such a case, we are forced to share your data, but we will oppose this within the possibilities that the law offers us.

    Job Applicants

    BFC provides consultancy services, project management and project execution for the biotechnology, (bio) pharmaceutical and health care industry. We receive CV’s and personal data from job applicants. If you are rejected as a job applicant, we will delete your CV and personal data within 4 weeks in accordance with guidelines from the Dutch Data Protection Authority. We may request your consent in order to preserve your application data for up to one year.

    Client and Supplier Data

    For management of clients, suppliers and its related contracts, we only collect names and professional personal data from the employees of our customers and suppliers. This information is stored in our systems and is not provided to any third party, except when necessary to perform our obligations under our contract with our customer or supplier. The information is used for providing agreed services, developing services and products, invoicing, and for the needs of customer relations.

    Patients, Caregivers and Medical Professionals

    BFC processes personal data on behalf of our customers, which concerns internationally established pharmaceutical companies. We conclude agreements with our customers to provide them our pharmacovigilance services, which includes the processing of information relating to patients and their medication. We will have to process personal data in connection with the legal obligation to ensure the safety of medicines and to process adverse reactions or other reports concerning products.

    In doing so, the information is provided to the relevant authorities for monitoring the use, side-effects, adverse effects of medications and interactions with other medication. This may involve extensive special and/or sensitive personal data, such as location data, date of birth, biometric and genetic data, medical data and personal data of children. No initials are stored, unless other legal obligations apply. As for the information about caregivers and medical professionals, the information we process pertains primarily to contact information. Personal data from patients will only be provided to the relevant authorities anonymized, when reporting on possible effects of medication. This concerns data with which we can demonstrably record the existence of an actual patient (on the basis of gender and country of origin) and, if necessary, your contact details in order to answer your request. Where it is necessary and/or legally required to share this information with a third party, the information will be pseudonymized.

    How long will we store personal data

    BFC does not store your personal data for longer than is strictly necessary to realize the purposes for which your data is collected. This means that BFC will retain personal data in general for a minimum of 7 years in accordance with legal obligations under Dutch law. When acting as a processor and our customers terminate any cooperation with BFC, any information that we hold on behalf of that customer is either deleted or returned to the customer in accordance with our service agreement.

    Sharing personal data with third parties

    BFC will not sell your information to third parties and will only provide this information if this is necessary for the execution of our agreement with our clients or to comply with a legal obligation. With companies that process your data in our assignment, and with our clients, we conclude a processor agreement to ensure the same level of security and confidentiality of your data. The personal data relating to patients, caregivers and medical professionals is stored within the EEA and the system and its server is maintained within the EEA.

    How we protect personal data

    BFC takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification.

    We employ technological and organizational measures against unauthorized processing of such information and against loss, destruction of, or damage to, personal data:

    • Security of the access to automated environments;
    • Authorizations within automated environments based on ‘need to know’;
    • Physical security access of data centers and offices;
    • Confidentiality provisions in employment contracts and for other staff;
    • The use of encryption, pseudonymization/anonymization, where possible;
    • Continuity plans during crises (crisis management procedure, back-ups and recovery plans and other plans).

    If you have the impression that your data is not secure or that there are indications of abuse, please contact us at office@bfc.nl.

    Automated decision-making

    BFC does not carry out automated processing; namely, decisions taken by computer programs or systems, without a person (for example an employee of BFC) sitting in between. So there are no decisions about matters that can have (significant) consequences for people.

    Cookies, or similar techniques, that we use

    BFC does not use cookies or similar techniques.

    View, modify or delete data

    You have the right to view, correct or delete your personal data. You also have the right to withdraw your consent to the data processing or to object to the processing of your personal data by BFC or its clients, and you have the right to data portability. This means that you can submit a request to us to send the personal information we have in your computer file to you or another organization mentioned by you. You can send a request for access, correction, deletion, data transfer of your personal data or request for cancellation of your consent or objection to the processing of your personal data to office@bfc.nl. To ensure that the request for access has been made by you, we ask you to send a copy of your ID with the request. Make your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number (BSN) black in this copy. This is to protect your privacy. We respond as quickly as possible, but within four weeks, at your request. BFC also wishes to point out that you have the opportunity to file a complaint with the national supervisory authority, the Dutch Data Protection Authority. This can be done via the following link: https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons.

    Changes to the privacy policy

    Should we make amendments to this privacy policy, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review these privacy protection principles from time to time to ensure you are aware of any amendments made.