Having regard to the current European regulations and to our transactions within the eurozone, as registered broker of medicinal products, we are committed to setting up a regulatory assurance & quality system as per the following Heads of Medicines Agencies (HMA) requirements:
We confirm the medicinal products brokered are covered by a Marketing Authorization granted pursuant to regulation (EC) No. 726/2004 or by the competent authority of an EU Member State.
We confirm an emergency plan which ensures effective implementation of any recall of a medicinal product from the market ordered by the competent authorities or carried out in co-operation with the manufacturer or marketing authorization holder is in place.
We confirm that a system to ensure that records either in the form of purchase/sales invoices, or on computer, or in any other form for any transaction in medicinal products brokered providing at least the following information, is in place:
- Date on which the sale or purchase of the product was brokered ;
- Name of medicinal product ;
- Quantity brokered ;
- Name of supplier or consignee, as appropriate ;
- Address of supplier or consignee as appropriate ;
- Batch number for products bearing the safety features.
We confirm the records will be retained for a period of five years. We confirm compliance with the guidelines on good distribution practice (GDP) published by the European Commission in accordance with Article 84 of the 2001/83/EC Directive insofar as those guidelines apply to brokers.
We confirm a quality system setting out responsibilities, processes and risk management measures in relation to brokering activities are in place and will be maintained.
We are aware of the requirement to immediately inform the licensing authority and where applicable the marketing authorization holder of medicinal products which we identify as, suspect to be, or have reasonable grounds for knowing or suspecting to be, falsified, and undertake to do so. We are aware that the mentioned premises may be subject to inspection by the Competent Authority.
To the best of our knowledge and belief the particulars we give in the form to be filled and provided to the HMA are correct, truthful and complete. We will notify all changes to the above-mentioned data without delay to the Competent Authority.
As of May 2018, with the entry into application of the General Data Protection Regulation, there is one set of data protection rules for all companies operating in the EU, wherever they are based. Stronger rules on data protection mean: I) people have more control over their personal data; II) businesses benefit from a level playing field.
What is GDPR?
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals (formally called data subjects in the GDPR) inside the EEA, and applies to any enterprise established in the EEA or—regardless of its location and the data subjects' citizenship—that is processing the personal information of data subjects inside the EEA.
Controllers of personal data must put in place appropriate technical and organizational measures to implement the data protection principles. Business processes that handle personal data must be designed and built with consideration of the principles and provide safeguards to protect data (for example, using pseudonymization or full anonymization where appropriate), and use the highest-possible privacy settings by default, so that the datasets are not publicly available without explicit, informed consent, and cannot be used to identify a subject without additional information (which must be stored separately). No personal data may be processed unless this processing is done under a lawful basis specified by the regulation, or unless the data controller or processor has received an unambiguous and individualized affirmation of consent from the data subject. The data subject has the right to revoke this consent at any time.