Privacy Policy

  1. Medicines for Ireland (MFI) is committed to protecting your privacy and ensuring that your personal data is protected at all times and accordingly the processing of such data is carried out in line with our obligations under the General Data Protection Regulation (GDPR) (EU) 2016/679 (“GDPR”) and the Data Protection Acts 1988-2018 (collectively referred to as “the DPA”).
    This privacy policy sets out the basis upon which any personal data we collect from you, display about you or that you provide to us via our website and/or membership portal will be processed by us.
    Reference to “you/your” in the Policy means any natural person who visits our website or membership portal, including any registered user or administrator of a particular MFI member.
  1. Who are Medicines for Ireland
    The website medicinesforireland.ie is provided by the Alliance of Medicines for Ireland Company Limited by Guarantee, a company registered in Ireland, number 602169, whose registered office is at 70 Sir John Rogerson’s Quay, Dublin 2, D02R296 (‘we’, ‘our’ or ‘us’).
  1. Our contact details
    Please contact us via:

  • By mail: 13 Merrion Square North, Dublin 2, D02 HW89
  1. Data protection officer (DPO)
    If you have any questions about this privacy notice, our privacy practices or how we handle your personal data, please contact our DPO at info@medicinesforireland.ie
  1. What is meant by personal data or personal information
    Personal data (also called personal information) is information which identifies you as an individual.
    Some examples are outlined below:
    Personal data is anything which may identify you for example your name, address, bank account details, internet protocol (IP) address, username or another identifier.
    Some personal data is unique to you and therefore requires greater protection. This data is referred to as sensitive or special category data which includes information regarding your health, religious or philosophical beliefs, race, or ethnicity to provide a few examples.
  1. How we get the information about you
    In order for us to operate effectively, we may request and collect information about you, we collect personal data from you:
  • directly, when you enter or send us information, such as when you register with us, contact us (including via email or customer contact forms), subscribe to our newsletters or other communications, send us feedback; and
  • indirectly, such as your browsing activity while on our website; we will usually collect information indirectly using the technologies explained in the section on ‘Cookies and other tracking technologies’ below.
  1. The data we collect about you
    We collect personal information from the visitors to our website and our subscribers. We may collect, use, store and transfer different kinds of personal information about you depending on our relationship with you:
  • Identity data: may include name, job title and any other identity data that you may include in your communication with us.
  • Contact data: We usually only intend to collect your email address, but other contact details such as telephone number(s) and addresses may be collected from you when you provide them in our contact forms or your communications with us.
  • Location data: We may collect your location data from your IP address and through your contact forms.
  • Technical data: We may collect your IP address, your login data, browser type and version, time zone setting and location, browser plugin types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Usage data: Includes information about how you use our website.
  • Marketing and communications data: Includes your preferences in receiving marketing from us, your newsletter subscription preference and our third parties and your communication preferences.
  1. Sensitive or Special category Data
    Sensitive or Special Category Data is personal data that needs more protection because it is sensitive, and we do not intend or wish to collect this type of personal data from you in the course of providing you with our services or during our interactions with you.
    Where you choose to provide us with this information in your communication with us, we will only process that sensitive personal information in such jurisdiction if and to the extent permitted or required by applicable law.
  1. How we process and use your information
    We need your personal information to conduct our business and provide you with our website and services. Most commonly we will use your personal information in the following circumstances:
  • Where you have consented before the processing.
  • Where we need to perform a contract we are about to enter or have entered with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.
    We will only collect, process and/or use the personal information where we are satisfied that we have an appropriate legal basis to do so.
  1. Withdrawing Consent
    If we rely on your consent to process your personal information, which may be express or implied consent according to the applicable law, you have the right to withdraw consent at any time. You can withdraw your consent by contacting us at info@medicinesforireland.ie.
    Please note that this will not affect the lawfulness of the processing before the withdrawal, nor when applicable law allows, will it affect the processing of your personal information on the basis of any other lawful ground other than consent.
  1. Safeguarding your personal information
    We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We will review, monitor and update these security measures to meet our business needs, changes in technology and regulatory requirements. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties that have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
    Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information.
    We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
  1. Keeping your personal information
    We will keep your personal information in line with our retention policy and applicable law and for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
    To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
  1. Information Sharing
    Insofar as is reasonably necessary for us in delivering our products and services to you and for the purposes set out in this Privacy Notice, we may share your personal information with the below parties that help us manage our business and deliver our products, or services:
  • third parties we use to help deliver our products and services to you;
  • other third parties we use to help us run our business, e.g., marketing agencies or website hosts; and
  • third parties approved by you, e.g., social media sites you choose to link to your account
    We only allow those organisations to handle your personal information if we are satisfied, they take appropriate measures to protect your information. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

    We or the third parties mentioned above occasionally also share personal data with:
  • our and their external auditors, e.g., in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;
  • our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
  • law enforcement agencies, courts, tribunals, and regulatory bodies to comply with our legal and regulatory obligations;
  • other parties that have joined the organisation (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised, but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.

    We will not share your personal data with any other third party without your consent.
    The specific kind of information we share will depend on your activities with us and only to the extent as required or permitted by law, and/or with your consent.
    Please note however that this Privacy Notice does not apply to sharing of personal information by third party providers who may collect personal information from you and may share it with us. In these situations, we strongly advise you to review the applicable the third-party provider’s privacy notice before submitting your personal information.

 

  1. Third-party services, websites and plugins
    Please note however that this Privacy Notice does not apply to sharing of personal information by third party providers who may collect personal information from you and may share it with us. In these situations, we strongly advise you to review the applicable the third-party provider’s privacy notice before submitting your personal information.
    You should be aware that information about your use of our website (including your IP address) may be retained by your ISP (Internet Service Provider), the hosting provider and any third party that has access to your Internet traffic.
    Our website may contain links to third-party websites and plugins, for instance a social media login plugin. If you choose to use these websites, plugins, or services, you may disclose your information to those third parties.
    We are not responsible for the content or practices of those websites, plugins, or services. The collection, use and disclosure of your personal information will be subject to the privacy notices of these third parties and not this Privacy Notice. We urge you to read the privacy and cookie notices of the relevant third parties.
  1. What happens if you don’t provide your information?
    You may always choose what personal information (if any) you wish to provide to us. Please note, however, services to you may be affected if you choose not to provide certain details, for example, we cannot reply to you without a name or contact details.
  1. Opting out of Marketing
    If you provide us with your contact details (e.g., email address), we may contact you to let you know about the products, services, promotions, and events offered that we think you may be interested in.
    You can unsubscribe from our marketing and information communications by clicking on the unsubscribe link in the emails or by contacting us at info@medicinesforireland.ie.
    You will then be removed from the mailing list; however, we may still communicate with you for example to send you service-related messages that are necessary to respond to your requests or for other non-marketing related purposes.
  1. Cookies and other tracking technologies
    Each time you interact with our website, we may, depending on the consent provided and your jurisdiction, automatically collect personal information, including technical data about your device, your browsing actions and patterns, content and usage data. We collect this data using Cookies, server logs and other similar technologies like pixels, tags and other identifiers in order to remember your preferences, to understand how our website is used, and to customise our marketing offerings.

    Please see more information in our Cookie Notice.
  1. What are your rights
    Data protection laws confer certain rights in favour of data subjects (the “Data Subject Rights”). Data Subject Rights include the right of a data subject to:
  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

    It is also within your rights to object to any direct marketing – either use the ‘unsubscribe’ button on our emails or contact us directly by email at info@medicinesforireland.ie
    In certain circumstances, you may also have the right to object to the processing of your personal data. You can make a request to exercise your rights by contacting us at info@medicinesforireland.ie.

    We will consider and act upon any requests in accordance with applicable data protection laws.
    If you are not happy with the way we have handled your data, and are unable to resolve the issue with us directly, you can complain to the Data Protection Commission.
  1. Further information
    We are subject to the EU General Data Protection Regulation (EU GDPR) in relation to services and information we offer to individuals.
  • Details about our processing of your personal information
    The table below describes the ways we plan to use your Personal Data, and which Lawful Basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.

LAWFUL BASIS

PURPOSE EXAMPLES

Contract  

We use your personal information on the basis that it is necessary for us evaluate applications and candidates for a vacant role prior to entering into an employment contract for that role with the most suitable candidate.   

Recruitment of candidates (contractors, employees and providers)

We will use the personal information we collect about you to assess your skills, qualifications, and suitability for the role for which you applied.   We may use the following personal data: Identity data, Contact data, Location data, Candidate Data 

Legitimate interest  

When we rely on this, we will carry out a Legitimate Interests Assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under Data Protection Law.

Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law.

Managing our organisation  

We process Personal Data for our own legitimate interests. This relates to us managing our business to enable us to maintain and monitor the performance of our website and to constantly look to improve the website and the services it offers to our users, including when we respond to your queries and complaints, where you are not a client or supplier, or a potential client or supplier. We may use the following personal data: Identity data, Contact data, Technical data, Marketing and communications data  

 

Provide and maintain our websites

To provide and maintain our website, including to monitor the usage of these, troubleshooting, data analysis, network security and system testing necessary for our legitimate interests in maintaining the useability, security and integrity of our website We may use the following personal data: Identity data, Location data, Transaction data, Technical data  

 

Recommendations and marketing (newsletters and events)

We may use the following personal data: Identity data, Contact data, Technical Data, Marketing and communications data, Usage data. To measure and analyse the effectiveness of the advertising we serve you. We may use the following personal data: Identity data, Contact data, Location data, Technical Data, Marketing and communications data, Usage data. To make suggestions and recommendations to you about goods or services that may be of interest to you and necessary for our legitimate interests (to provide information). We may use the following personal data: Identity data, Contact data, Location data, Technical Data,  Marketing and communications data, Usage data   

 

Rights and claims 

To enforce or apply our website terms of use, our policy terms and conditions, or other contracts. To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with. We may use the following personal data:   Identity data, Contact data, Transaction data, Technical data, Profile data, Usage Data  

 

Data subject rights 

Verifying your identity when you exercise your data subject rights. Fulfilling data subject rights requests. We may use the following personal data:   Identity data, Contact data, Location data, Technical data, Usage Data, Candidate Data Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation or group restructuring exercise. 

Legal obligations  

We may use your Personal Data to comply with laws (for example, if we are required to co-operate with a police investigation after a court order orders us to).   

Legal requirement   

The processing is necessary for compliance with legal obligations, such as but not limited to security requirements. To comply with applicable law, for example in response to a request from a court or regulatory body, where such request is made in accordance with the law.  

Criminal activity

To detect fraudulent or criminal activity, we may share information with forces such as the police.

Consent

We may have to get your consent to use your Personal Data, such as when we want to send you marketing.     Wherever consent is the only reason for using your Personal Data, you have the right to change your mind and/or withdraw your consent at any time by clicking the Unsubscribe button at the bottom of an applicable email or by contacting us.

 

Marketing (Newsletters and events)

To measure and analyse the effectiveness of the advertising we serve you.  We may collect IP addresses and store Cookies on visitors’ devices. We may use the following personal data, depending on what you consent to:   Identity data, Contact data, Location data, Technical Data, Marketing and communications data, Usage data, Candidate Data. We use data analytics to improve our website, products/services, marketing, customer relationships and experiences. We may use the following personal data: Identity data, Transaction data, Technical Data, Profile data, Usage data  

  • Your Rights
    Please see more details about your rights in the table below. In most circumstances, you do not need to pay any charge for exercising your rights. We have one month to respond to you.

YOUR RIGHT

DETAILS

Right to be informed

We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal information and our use of it. We have written this notice to do just that, but if you have any questions or require more specific information.

Right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information. When you request this data, this is known as making a data subject access request (DSAR). In most cases, this will be free of charge; however, in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee. 

Right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Right to erasure

You have the right to ask us to erase your personal information in certain circumstances. We have the right to refuse to comply with a request for erasure if we are processing the Personal Data for one of the following reasons: To exercise the right of freedom of expression and information. To comply with a legal obligation. To perform a task in the public interest or exercise official authority.  archiving purposes in the public interest, scientific research, historical research or statistical purposes .For the exercise or defence of legal claims. 

Right to restriction of processing

You may ask us to stop processing your Personal Data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing: The accuracy of the Personal Data is contested. Processing of the Personal Data is unlawful. We no longer need the Personal Data for processing, but the Personal Data is required for part of a legal process. The right to object has been exercised and processing is restricted pending a decision on the status of the processing. 

Right to object to processing

You have the right to object to processing in certain circumstances. You can also object if the processing is for a task carried out in the public interest, the exercise of official authority vested in you, or your legitimate interests (or those of a third party). 

Right to data portability

This right only applies if we are processing information based on your consent or for the performance of a contract and the processing is automated. 

  • Complaints
    We hope that we can resolve any query or concern you raise about our use of your information. Please contact us at info@medicinesforireland.ie first and title your email “Complaint”. All complaints will be treated in a confidential manner, and we will try our best to deal with your concerns.

  1. Questions or Concerns
    If you have any questions, concerns, or complaints about this Privacy Notice, or our privacy practices in general, please email us at info@medicinesforireland.ie.