Privacy Notice for Pharmacovigilance, Medical Information and Product Quality Complaints of Myovant Sciences
We take your privacy very seriously and are committed to being transparent with how we use Personal Data. This Privacy Notice (this “Privacy Notice”) sets out how Myovant and its subsidiaries and affiliates (“Myovant,” “we,” “us,” and/or “our”) collect, use, and share information that may identify you (your “Personal Data”) in connection with reporting Safety Data and Product quality complaints to Myovant or requesting Product medical information from Myovant. Myovant is committed to protecting your Personal Data collected for these purposes, as described below. This Privacy Notice describes:
- What Personal Data we collect and why we collect it;
- How we use that Personal Data; and
- The choices we offer, including how to access and update Personal Data.
This Privacy Notice is limited to the collection and processing of your Personal Data to report adverse events or “Special Situations” (i.e., pregnancy; breastfeeding; lack of efficacy; overdose; misuse, abuse / overuse; medication and administration errors; occupational exposure; suspected transmission of infectious agents via a medicinal product (STIAMP); and counterfeits), together “Safety Data”. This may include, for example, a request for information received from an external stakeholder about Myovant medicinal products (“Medical Information Inquiry/Request”) and any written, electronic, or verbal declaration or report alleging deficiencies or defects, either perceived or real, regarding the identity, quality, stability, durability, reliability, safety, performance of drug product or medical device (“Product Complaint”), required to fulfil our regulatory obligations for any pharmaceutical product that is developed, manufactured, or distributed by Myovant, including investigational products that are not yet approved for manufacture or distribution (“Product”).
For more information regarding how Myovant collects, uses and shares your Personal Data in other contexts, please see Myovant’s Privacy Notice (available at https://www.myovant.com/privacy-policy/).
Click on the links below to jump to the different sections of this Privacy Notice:
Controller for processing of your Personal Data
Types of Personal Data we collect
Legal bases for the processing of Personal Data
Who is the controller for processing of your Personal Data?
Myovant Sciences Inc., 2000 Sierra Point Parkway, 9th Floor, Brisbane, CA 94005, USA (“Myovant Sciences Inc.”) and Myovant Sciences GmbH, Aeschengraben 27, 4051 Basel, Switzerland (”Myovant Sciences GmbH”) are joint controllers for the processing under this Privacy Notice with Myovant Sciences Inc. being the lead controller, unless we inform you otherwise in an individual case.
This Privacy Notice also applies where a Myovant company other than Myovant Sciences Inc. or Myovant Sciences GmbH (a ”Myovant Affiliate”) is the controller. This may be the case, in particular, if your data are processed by a Myovant Affiliate in the context of its own legal obligations or where data are exchanged with a Myovant Affiliate, or where you otherwise interact with a Myovant Affiliate. Only if a Myovant Affiliate, being a controller, starts sharing your data with other Myovant companies for their own purposes, they themselves become controllers.
There may be constellations in which we are responsible for data processing along with third parties (including other Myovant companies). In these cases, they process personal data either as sole controllers (if you have any questions regarding the data processing of sole controllers, please contact them directly) or, if they participate in determining the purpose or means of the processing, as joint controllers (we remain your primary contact, even if there are joint controllers). If you wish to receive information about the controllers for a specific processing activity, you are welcome to contact us as part of your access right.
You may contact us for data protection concerns and to exercise your rights as follows:
Myovant Sciences Inc.
2000 Sierra Point Parkway
9th Floor
Brisbane, CA 94005
USA
privacy@myovant.com
We have appointed the following additional positions:
- a Data Protection Officer according to articles 37 et seq. GDPR for Myovant Sciences Ireland Limited (Ireland):
Myovant Sciences Inc.
Data Protection Officer
2000 Sierra Point Parkway
9th Floor
Brisbane, CA 94005
USA
privacy@myovant.com - a Data Protection Representative in the EU according to article 27 GDPR for all Myovant companies based outside the Switzerland or the European Economic Area (“EEA“):
Myovant Sciences Ireland Limited
EU Representative
Western Business Park
Shannon Co. Clare Ireland
Shannon, Clare
Ireland, V14 FW97
privacy@myovant.com
You can also contact these parties for privacy concerns.
Types of Personal Data we collect
We will only collect the minimum amount of Personal Data required for the purposes of fulfilling our regulatory obligations related to Safety Data reporting, medical information provision and processing of product complaint. The Personal Data collected may include, for example, the following categories of data, as necessary:
| Categories of Persons | Scope of Personal Data Collected May Include |
| Patients; Patient’s partner in case of pregnancy exposure |
|
| Reporters / External Stakeholders
(i.e., persons who provide information concerning Safety Data, Product Complaint or submit a Medical Information Inquiry/Request) |
|
How we collect Personal Data
Personal Data received through an adverse event / Special Situation reporting, medical inquiry or Product Complaint reporting may be communicated to Myovant in different manner (e.g., through emails, comments on certain social media platforms or Myovant channels for which we become aware, phone calls, completion of website forms, from regulatory authorities, pharmacies, Myovant service providers, distributors, or licensing partners).
How we use Personal Data
As required by pharmaceutical regulations, Myovant must collect Safety Data and Product complaints for our Products and investigate the reports we receive in accordance with applicable laws and processes. In addition, we must ensure timely and accurate provision of medical information to the inquirer. To meet our regulatory obligations, we may use Personal Data to:
- Investigate Safety Data reports/Special Situation and Product Complaint;
- Contact you for further information about Safety Data/Special Situation and Product Complaint you reported; and
- Contact you to provide response to your Medical Information Inquiry/Request.
If your data are used for any Safety Data or Product Complaint analysis or reporting it will be “anonymized,” which means that all identifiers would be removed from the data such that no person would be able to reasonably identify you.
Legal bases for the processing of Personal Data
Myovant processes Personal Data to comply with its regulatory obligations to monitor and report Safety Data and Product complaints and to ensure timely and accurate provision of Product medical information.
If and to the extent the data processing is subject to the European Union General Data Protection Regulation (“GDPR”), we collect and process your data for these purposes to comply with our legal obligations (GDPR Articles 6(1)(c) and 9(2)(i)). If the data relevant to you is reported to a regulatory agency as part of Myovant regulatory obligations, it will be pseudonymized or anonymized beforehand, as appropriate and permitted. Your data will not be used for any other purposes beyond the scope of this Privacy Notice.
How we share Personal Data
In the course of the activities under the scope of this Privacy Notice, your Personal Data can be accessed by, or transferred to the following categories of recipients or third parties, on a need-to-know basis to achieve such purposes:
- Other Myovant subsidiaries and affiliates;
- Regulatory authorities, ethics committees and clinical investigators;
- Our employees and third parties, contractors, consultants and vendors acting on our behalf;
- Our licensing partners;
- Our services providers that provide services and Products to us (including contract research organizations and other vendors);
- Our IT systems providers, cloud service providers, database providers and consultants;
- Any third party to whom we assign or novate any of our rights or obligations, including any third party to which we provide data in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceeding); and
- Our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets.
The above third parties may act as separate controllers, joint controllers with us or as our processors, and are contractually obliged to protect the confidentiality and security of your Personal Data, in compliance with applicable law.
International data transfers
Your Personal Data may be transferred outside of your country of residence to countries that may have different data protection laws which may not provide the same data protection guarantees as your country of residence; in principle in any country in the world. In such case, Myovant will take all necessary steps to ensure the safety of your Personal Data in accordance with the applicable privacy and data protection laws (e.g., enter data protection contracts with the new EU Standard Contractual Clauses), unless we can rely on an exception or the recipient is subject to a legally accepted set of rules to ensure data protection.
How we protect your Personal Data
Myovant takes appropriate technical and organizational security measures in order to maintain the required security of your Personal Data and ensure its confidentiality, integrity and availability, and to protect if from accidental loss and from unauthorized access, use, alteration, or disclosure. These measures may include access restrictions, providing instructions to our employees, entering confidentiality measures, and monitoring.
Data retention
Data and documents relating to activities described in the scope of this Privacy Notice will be retained as long as the Product is authorized and for at least 10 (ten) years after the marketing authorization has expired. However, the documents shall be retained for a longer period where applicable law so requires.
rights
You are at any time entitled to access and to be informed of the Personal Data about you that is being processed. You have the right to:
- Request information from us as to whether and what Personal Data we process about you;
- Object to the collection and further processing or sharing of your Personal Data, including, if applicable;
- Request that your Personal Data are corrected if you believe it is incorrect;
- Request erasure of your Personal Data
- Request that we provide certain Personal Data in a commonly used electronic format or transfer it to another controller (data portability); and
- Withdraw consent, where our processing is based on your consent;
- Complain to the competent data protection authority if you believe your privacy rights have been violated.
Nevertheless, it is possible that exceptions to the exercise of your rights apply in accordance with local privacy law. Especially, we might not be able to fully satisfy some of your requests in cases where we have compelling legitimate reasons to continue processing your Personal Data, we are required to continue processing your Personal Data to comply with applicable laws, or if it is necessary for us to continue processing your Personal Data in connection with certain types of legal claims. In each case, we would inform you thereof in a due time and in accordance with applicable laws.
Last updated: 09.03.2023