1.1. LMP - Limited liability company “LMP”, Reg.no. 40103046409, legal address: Riga, 1 Vietalvas Street, LV-1009.
1.2. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.3. Personal data - means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
1.4. Data processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
1.5. Controller - means the physical or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
1.6. Processor - a physical or legal person, public institution, agency or other body which, on behalf of the controller, processes the Personal data obtained by and at the disposal of LMP.
1.7. Customer - a physical or legal person, who is a registered wholesaler, a registered pharmacy, a medical institution and/or its authorized representative, as well as any visitor to the website www.lmp.lv.
1.8. Cooperation partner - a physical or legal person, which provides LMP its services in the process of wholesale sales, for example, pharmaceutical product transportation service providers, contract laboratories that do not process Personal Data held by LMP on behalf of LMP.
1.9. Data subject - a directly or indirectly identified or identifiable natural person, including all LMP Clients, Cooperation Partners and their specified contacts, guarantors or authorized persons.
2. General rules
2.2.1. to physical persons, namely LMP Clients and Cooperation Partners, as well as third parties who are specified as contact persons or authorized persons during the manufacturing, sale or cooperation of LMP wholesale pharmaceutical products;
2.2.2. for legal entities, if their name contains the data of natural persons or it is possible to directly or indirectly identify a physical person based on the information provided by them.
3. Controller and contact information
3.1. The Controller of the processing of personal data is Limited Liability Company "LMP", Reg. No. 40103046409, legal address: Riga, 1 Vietalvas Street, LV-1009, phone number: +371 67040788, e-mail address: [email protected].
3.2. For questions related to LMP's processing of Personal Data, contact LMP's contact person for Personal Data Processing: electronic mail address: [email protected].
4. Legal basis for personal data processing
4.1. LMP processes Personal Data based on the following legal bases mentioned in Article 6 of the GDPR:
4.1.1. Contract-based data processing - in order to ensure the proper fulfillment of the obligations of the contract with the Data subject, namely the Client or the Cooperation partner and to ensure the delivery of the manufactured pharmaceutical product, to draw up and conclude a proper contract with the Client or the Cooperation partner for the supply of the pharmaceutical product, or to amend it after the conclusion of the contract, as well as to terminate the corresponding contractual obligations;
4.1.2. For the fulfillment of the legal obligations set out in external regulatory acts - in order for LMP to fulfill its legal obligations in relation to itself, Data Subjects, state and local government institutions, as well as third parties, in accordance with the binding and effective regulatory acts of the Republic of Latvia and the EU.
4.1.3. For the implementation of the legitimate interests of LMP, in order to implement the legitimate interests of LMP arising from the obligations existing between LMP and the Data Subject, the concluded contract or the law, including:
4.1.3.1. ensure and improve the quality of the pharmaceutical products requested by the Data Subject and the quality of the requested service, including delivery;
4.1.3.2. ensure effective pharmaceutical product, financial and business accounting and analytics, as well as effective LMP management processes;
4.1.3.3. prevent unreasonable physical and IT security risks and take preventive actions;
4.1.3.4. ensure the protection of LMP property;
4.1.3.5. prevent unreasonable financial risks;
4.1.3.6. prevent fraud and theft;
4.1.3.7. ensure the fulfillment of the obligations of the concluded contract;
4.1.3.8. apply to state administration, operational and judicial institutions for the protection of LMP's legal interests.
5. Purposes of personal data processing and categories of processed personal data
5.1. The following Personal Data of the Data Subject and other information provided by the Data Subject, which may be considered Personal Data in cases where it is possible to directly or indirectly identify the Data Subject from it, can be located and processed at LMP, and are used for the following purposes:
5.1.1. For the production and distribution of pharmaceutical products, for the conclusion, execution or amendment of a cooperation or purchase agreement with the Customer after the conclusion of the agreement, registration of medicines, issuing and drawing up invoices, for the fulfillment of the obligations set out in the external regulatory acts of LMP in accordance with point 4.1.2, as well as for communication with the Client during the execution of the concluded contract and its contractual obligations:
5.1.1.1. Name and surname of the customer, who is a physical person;
5.1.1.2. Telephone number of the customer who is a physical person;
5.1.1.3. Electronic mail address of the customer who is a physical person;
5.1.1.4. Name and surname of the representative or authorized person of the Client or Cooperation Partner, which is a legal entity;
5.1.1.5. Position of the representative or authorized person of the Client or Cooperation Partner, which is a legal entity;
5.1.1.6. The e-mail address of the representative or authorized person of the Customer or Cooperation Partner who is a legal entity;
5.1.1.7. Bank account number of the representative or authorized person of the Customer or Cooperation Partner who is a legal entity;
5.1.1.8. Written signature of the representative or authorized person of the Client or Cooperation Partner who is a legal entity;
5.1.1.9. Electronic signature of the representative or authorized person of the Client or Cooperation Partner, who is a legal entity;
5.2. To maintain the quality of the pharmaceutical products produced by LMP, to distribute and deliver pharmaceutical products to Customers through Cooperation partners or to Cooperation partners, to ensure communication with the Cooperation partner or its authorized person during the initiation and execution of cooperation:
5.2.1. Name and surname of the representative or authorized person of the Client or Cooperation Partner, which is a legal entity;
5.2.2. Position of the representative or authorized person of the Client or Cooperation Partner, which is a legal entity;
5.2.3. The phone number of the representative or authorized person of the Customer or Cooperation Partner who is a legal entity;
5.2.4. Actual, legal or delivery address of the representative or authorized person of the Customer or Cooperation Partner who is a legal entity;
5.2.5. Written signature of the representative or authorized person of the Client or Cooperation Partner who is a legal entity;
5.2.6. Electronic signature of the representative or authorized person of the Client or Cooperation Partner, who is a legal entity;
6. Sources of personal data collection
6.1. The Personal Data of the Data Subject at LMP's disposal are obtained from the following sources, based on the legal basis for data processing mentioned in point 4:
6.1.1. Personal data submitted by the data subject in person or remotely, that is, using electronic mail, telephone or other remote means of communication;
6.1.2. public registers, databases and publicly available information systems, such as the data held by the Register of Enterprises of the Republic of Latvia, the Register of Pharmaceutical Enterprises or the Lursoft database;
6.1.3. Personal data submitted by the cooperation partner about its representative, authorized person or employee performing the service;
6.1.4. information provided by third parties, if receiving such information is provided for by regulatory acts.
7. Processing of personal data in LMP
7.1. Personal data is processed in good faith, legally and transparently to the Data Subject, using the organizational, financial and technical resources reasonably available to LMP.
7.2. Personal data are obtained for specific, clear and legitimate purposes and their further processing is not carried out for purposes not originally intended or in a manner incompatible with the stated purposes.
7.4. Personal data is obtained in compliance with the principle of data processing minimization, which means that the data is adequate, relevant and includes only what is necessary for the purposes of its processing.
7.5. LMP ensures the accuracy of Personal Data and, if necessary, Personal Data is updated according to the current information at that time or deleted.
7.6. Personal data is processed in such a way as to ensure adequate security of Personal data, namely protection against unauthorized or illegal processing, accidental loss, destruction or damage of data.
7.7. In order to ensure the fulfillment of obligations in relation to the Data subject, LMP is entitled to engage and authorize external service providers to perform certain activities on behalf of LMP. If, while performing these tasks, persons authorized by LMP process the Data Subject's data at LMP's disposal, the performers of the relevant task are considered Processors of Personal data at LMP's disposal, and LMP has the right to transfer to the Processors the Personal Data of the Data Subject necessary for the performance of these activities to the extent that they are necessary for the performance of the activities.
7.7.1. In cases where LMP authorizes the Processors to perform a certain task, both LMP and the Processors ensure the protection of Personal Data processing in accordance with the GDPR, and do not use Personal Data for purposes other than the fulfillment of the established obligations towards the Data Subject under the task assigned by LMP.
8. Protection of personal data
8.1. LMP protects the Data Subject's Personal Data using modern technological capabilities, taking into account existing privacy risks and LMP's reasonably available organizational, financial and technical resources, including using the following security measures:
8.1.1. The LMP website www.lmp.lv uses an SSL security certificate, ensuring encrypted data transmission between the Data Subject and the server on which LMP's internal information systems and the Personal Data of the Data Subject received through the website are stored;
8.1.2. grants to a limited group of persons employed by LMP only access rights corresponding to their work duties for the use of internal IT systems and databases of LMP;
8.1.3. provides limited access to LMP office premises only for persons employed by LMP;
8.1.4. uses firewall and anti-virus programs;
8.1.5. regular security checks are carried out against deliberate attacks on the information systems, databases, e-mail and servers maintained by LMP, as well as to determine whether any data leaks have occurred;
8.1.7. ensures that no accidental or illegal deletion, damage, loss, correction, processing, publication or disclosure of Personal Data to third parties is allowed;
8.1.8. ensures that all types of paper documents and confidential information are stored in a place of limited access, namely in the office of the LMP board members and in the lockers in it, which can be accessed only by employees employed by LMP or authorized persons for the performance of direct work duties;
8.1.9. ensures that archived paper documents in the company are stored in a place of limited access, namely in the LMP archive room, which can only be accessed by LMP management and employees responsible for quality assurance.
9. Personal data transfer to third parties
9.1. Personal data held by LMP is not transferred to third parties, except in cases where:
9.1.1. data must be transferred to the relevant third party within the framework of the concluded contract in order to perform some function necessary for the performance of the contract or delegated by law;
9.1.2. The Data subject has given clear, unequivocal consent to the transfer of personal data;
9.1.3. LMP is obliged to disclose personal data to the persons provided for in external regulatory acts upon their justified request, in the manner and to the extent specified in external regulatory acts;
9.1.4. For the protection of LMP's legitimate interests, for example, by applying to the court or other state institutions against a person who has violated LMP's legitimate interests.
9.2. When transferring Personal Data to third parties, LMP evaluates the third party's level of data protection and processing protection in accordance with regulatory enactments in order to ensure the greatest possible protection of the Data Subject's information.
10. Personal data storage period
10.1. LMP processes Personal data in its possession as long as the following conditions are met:
10.1.1. while the concluded contractual obligations with the Data Subject are valid;
10.1.2. as long as the Personal Data is necessary for the purpose for which it was received;
10.1.3. as long as necessary to ensure the realization of the legitimate interests of the LMP or the Data Subject, for example, so that the LMP or the Data Subject is able to submit objections or file a claim in court, while the respondent - to protect his rights;
10.1.4. as long as one of the parties has a legal obligation to store the data, for example, according to the Civil Law, the Commercial Law or the Law "On Accounting".
10.2. When none of the conditions referred to in subsection 10.1 apply any longer, Personal data is deleted or archived.
10.3. Documents in paper format are stored in a place of limited access, namely in the LMP archive room, in accordance with the terms set by regulatory acts, but no longer than 10 years, as well as in certain cases, to ensure the legitimate interests of LMP, for example, the fulfillment of contractual obligations, debt collection, in case of potential legal proceedings, during the limitation period.
10.4. Electronic documents are stored in a place of limited access, namely in the LMP electronic archive folder, which can only be accessed by the LMP board or employees responsible for quality assurance. Documents are not stored longer than 5-10 years.
11. Data subject rights and access to their Personal Data
11.1. The Data Subject has the right to receive information about what Personal Data is under the management of LMP in connection with the processing of the Data Subject's Personal Data, and to request access to his Personal Data, its correction, addition or deletion, to limit data processing, as well as to object to it, including against the processing of Personal Data, which is carried out on the basis of LMP's legitimate interests, as well as to exercise the right to data portability, as far as LMP is technically able to provide it. The rights of the data subject are exercised to the extent that it does not conflict with the obligations of the LMP, which are defined in regulatory acts.
11.2. LMP contact person in matters of personal data processing: e-mail address: [email protected].
11.3. Upon receiving a request to exercise the Data subject's rights, LMP verifies the identity of the Data subject, evaluates the request and fulfills it in accordance with the regulatory enactments.
11.4. The LMP sends the answer to the Data Subject's electronic mail address within 30 days from the moment when the LMP contact person in matters of personal data processing received the Data Subject's request, or in the form of a registered letter if sent by post. If there is a need to clarify information or conduct more detailed research before providing a response, the response may require a longer period of time than 30 days, depending on the content of the request, but no longer than 60 days.
11.6. Disputes related to the processing of Personal Data shall be resolved through negotiation between the Data Subject and LMP. If the Data Subject believes that its Personal Data processing violates the rights and interests of the person in accordance with the applicable regulatory enactments, the Data Subject has the right to file a complaint with the LMP contact person on Personal Data Processing issues, by submitting an application to the LMP or contacting the Data State Inspectorate of the Republic of Latvia, address: Blaumaņa iela 11/13-11, Riga, LV-1011, Latvia, electronic mail address: [email protected].
12. Final provisions
12.1. The Company has the right to amend the Policy.
12.2. If this Policy is updated, the amendments will take effect on the date specified in the updated Policy.
12.3. To ensure transparent and honest data processing, the latest version of the Policy is always posted on the website.
12.4. The data subject is obliged to acquaint himself / herself with this Policy, as well as to acquaint with it any person associated with this data subject and whose interests may thus be affected by the data processing processes of that person. The Company expects that any personal data submitted will not interfere with the interests of other persons.
12.5. If this Policy is translated into other languages, the Latvian text shall prevail in case of inconsistency.
12.6. This Policy is applicable from 2022.