A new European Union personal data (PD) protection regulation – GDPR (General Data Protection Regulation) came into force on 25 May 2018.

As we are acting as the data processor in the definition of personal data protection regulation, you, our clients, are the controllers. We process PD on behalf of the controller in order to perform agreed activities under the contract in place. The controller determines the purposes and means of PD processing, regarding the regulatory obligations and controller's business needs. The controller may pass some of its obligations, to be specified in the contract between the controller and its processor, to its processor. In cases where we involve service providers for some business services, it is of course our responsibility to determine the means of PD processing in a contract with each our vendors (sub-processors). In contracts with our vendors we will take care to impose the same data protection obligations on our vendors as set out between us and the controller. We are the controller for some of our PD processing purposes such as for employee's and independent contractor's PD processing. Pharmazet Group has appointed its Data Protection Officer (DPO) who may be contacted at dpo@Pharmazet.com. DPO will coordinate his activity in specific PD processing (clinical trials, pharmacovigilance service, etc.) with Pharmazet Alliance Group's client and vendor data protection officers.

The current business processes will not be changed. We will raise the protection and security of the PD in the processing to GDPR requirements including the identification of data subjects and their PD processed. We combine regulatory laws obligations regarding PD protection with new GDPR obligations in PD processing. We are ready to respond to data subjects' requests to exercise their rights. Our procedural documents specify the processes for data breach notification. We also train our staff in terms of both data protection policies and security risks. Our current activities focus on GDPR compliance in line with the established requirements. Our security measures regarding PD processing have always been at a high level but we continue working on additional improvements of PD processing methods. We understand that meeting the GDPR requirements will take a lot of time and effort and as your partner we want to assure you of our commitment to continuous compliance including GDPR. If you have any questions, please do not hesitate to contact our DPO.