ADIFA – Associação de Distribuidores Farmacêuticos – is a non-profit association that represents wholesale distributors of full-service medicines. Its mission is to defend their common, business and economic interests, developing activities that are useful or necessary for the progress of its members.
To this extent, ADIFA is an entity that assumes a close relationship with the representatives of its members, employees and clients, and one of its responsibilities is to ensure the processing and protection of personal data collected against external threats and internal misuse, in compliance with Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter “GDPR”).
As such, the Personal Data Holders are aware of and have the right to be informed, within the scope of their contract and association, about how the Association collects, organizes, keeps, shares, consults, uses, corrects, stores, processes, protects and deletes the Personal Data of the Holders provided to it, for the intended purposes.
This Personal Data is provided in person or, alternatively, through the website www.adifa.pt, the provision of services, email, other electronic means, or forms made available in the organization of events.
The legitimate purposes for which Personal Data is processed by the Association result in the obligation arising from the relevant legislation for the Association to ensure that the conditions of lawfulness exist to promote the processing of Personal Data of Data Subjects. In the specific case of the Association, the Personal Data Subjects who will be processed are the Association’s Employees, Employees/Members’ Representatives and Clients, in accordance with the processing purposes and conditions of lawfulness described in Chapter 3. below.
In addition, Personal Data Subjects also have the right to be informed about the processing of Personal Data for other relevant purposes that ADIFA wishes to make known, under the terms of this Privacy Policy.
Therefore, the Association promotes the posting of its privacy policy on the website, and any Personal Data Holder can and should access and carefully analyze this privacy policy, which has been written in a clear and simple manner, to facilitate its understanding and the exercise of the respective rights of the Personal Data Holders (also referred to hereinafter as “ARCO Rights”).
This privacy policy applies to personal data processed by ADIFA, in its capacity as Personal Data Controller (hereinafter “Controller”), directly or indirectly, within the scope of its activity, obtained through all the instruments at its disposal.
Within the scope of the processing of personal data indicated above, the Data Controller may define specific privacy policies that improve, develop or specify specific aspects of the processing of personal data carried out for the purpose indicated or for new purposes that may be developed or promoted by the Data Controller, undertaking to ensure compliance with the GDPR in relation to such new developments in activity.
Such sectoral privacy policies or the development of this privacy policy shall, in compliance with the applicable legal provisions, be made known to the Data Subjects, through the means agreed between the Parties and available for this purpose, in compliance with the applicable legal and contractual provisions.
The Data Controller is: ADIFA – Associação de Distribuidores Farmacêuticos, with registered office at Avenida da República n.º 50 – 2.º piso, 1050-196 Lisboa; You can contact ADIFA on any matter related to this privacy policy, through the following contact points: E-mail address: geral@adifa.pt Registered Postal Mail with Notice of Receipt: ADIFA – Associação de Distribuidores Farmacêuticos Avenida da República n.º 50 – 2.º Piso 1050-196 Lisboa.
In addition to the above, the Controller may, in specific and particular cases – which are the subject of a sectoral privacy policy – subcontract third parties to carry out the processing of the personal data in question, always ensuring, at all times, the rights and guarantees of the Personal Data Subjects and compliance by said subcontractors with the applicable legal, regulatory and contractual obligations.
The Personal Data of Employees, Employees/Representatives of Associates and Clients is processed under the terms of the Privacy Policy in force, which is made known to these Data Subjects within the scope of the process of executing relevant contracts or providing services. Personal Data is processed as follows for the following purposes and on the following grounds:
Personal Data
Purpose of treatment
Condition of Lawfulness
Personal Data of Employees or Potential Employees
Processing of Personal Data in the context of the management of the employment or pre-employment relationship maintained with Workers or Potential Workers.
Treatment necessary for the execution of an employment contract or related to pre-contractual steps
Processing necessary to comply with applicable legal obligations
Processing necessary for the purposes of the legitimate interests of the Data Controller (not violating the rights, freedoms and guarantees of the Data Subjects).
Members’ personal data
Contact details for members and their employees/representatives
Processing of Personal Data within the scope of the management of the association relationship, resulting from the provisions of the Statutes, in accordance with the contractual relationship maintained with the Members
Execution of the contractual relationship established between the Manager and the Associates.
Processing necessary to comply with applicable legal obligations
Customers’ personal data
Customer contact details
External Customer Identification Data
Processing of Personal Data for the purposes of holding and organizing information sessions and other events subject to prior registration
Execution of a contract between the Manager or his Subcontractor and the Client
Customers’ personal data
Customer contact details
External Customer Identification Data
Customers’ personal data
Customer contact details
External Customer Identification Data
Customers’ personal data
Customer contact details
External Customer Identification Data
Personal data of users of the website www.adifa.pt
Processing of Technological Personal Data (cookies)
Consent given by the Data Subject
The Personal Data of Employees, Employees/Representatives of Associates and Clients is processed under the terms of the Privacy Policy in force, which is made known to these Data Subjects within the scope of the process of executing relevant contracts or providing services. Personal Data is processed as follows for the following purposes and on the following grounds:
All the Personal Data identified is adequate, relevant and limited to the respective purposes, thus fully respecting the essential principles of the GDPR.
The Data Controller processes the personal data of the Personal Data Subject, both manually and automatically, for the specific purposes, strictly and completely observing the purpose defined between the parties and the legal basis provided for in the GDPR, applicable as the case may be.
The Data Controller may grant access to the Personal Data of the Data Subjects to third parties subcontracted exclusively with a view to ensuring the provision of services necessary for the management and maintenance of the website.
On the other hand, the Data Controller may share Personal Data with entities contracted to produce institutional communications, organize events, conferences, congresses or other events of relevance and interest to the promotion of the sector and the activities of Members.
In the areas described above, ADIFA, in compliance with the applicable legal and regulatory obligations, requires the aforementioned subcontractors to undertake to process the relevant Personal Data in compliance with the provisions of Chapters 3 and 4, as well as to take all necessary security precautions, given the nature of the Personal Data and the risks presented by their processing, to protect the security of the Personal Data provided by the Data Subjects and, in particular, to ensure, as far as possible, their possible distortion or corruption and access to them by unauthorized third parties.
The Controller uses commonly used software and platforms, such as Google LLC (and related services), which acts as a platform for hosting all the documentation and electronic communications made and produced in compliance with the legal obligations laid down in the GDPR.
In this context, Google LLC, as a market leader, promotes full compliance with all the provisions defined and provided for in the GDPR. as well as defining its applicability under the terms of the subscribed application “G Suite Terms of Service” available for consultation at https://policies.google.com/privacy?hl=en-IE and https://gsuite.google.com/security/.
This application fully applies the obligations of the GDPR without restriction or limitation, obliging Google to only process Personal Data for the purpose of providing the services applicable to the G Suite application.
The Controller provides access or shares, under the terms of this Global Policy, to subcontractors the Personal Data processed by the Controller, within the scope of the purposes described above, also through the G Suite application provided by Google LLC.
The Data Controller shall retain the Personal Data of the Data Subjects only for the time necessary to fulfill the purpose for which they were collected, and the Personal Data shall be deleted after express and autonomous communication by the Data Subject, or after termination of the contractual relationship established, under the terms set out in the following Chapter.
In general, and with the exception of the defense of legitimate interests by the Data Controller or compliance with legal obligations, the retention periods in force are as follows:
Purpose of treatment
Shelf life
Processing of Personal Data in the context of the management of the employment or pre-employment relationship with Employees or Potential Employees
Until the end of the professional and contractual relationship established with the Employees or the end of the recruitment process for Potential Employees
Processing of Personal Data within the scope of the management of the association relationship, resulting from the provisions of the Statutes, in accordance with the contractual relationship maintained with the Members
Until the end of the association relationship established with the Members
Processing of Personal Data for the purposes of holding and organizing information sessions and other events subject to prior registration
Until the end of the contractual relationship established with Clients
Processing of Customers’ Personal Data for promotional and marketing purposes, including but not limited to (i) the provision of information on news related to social activities and events carried out or to be carried out by the Manager, and (ii) the provision of institutional information related to the pharmaceutical distribution business, including, without limitation, the subscription and sending of newsletters or other forms of documentation.
Customers’ personal data will be kept until the consent given is revoked.
Processing of Technological Personal Data (cookies)
Until the end of the contractual relationship established with Clients
Any Data Subject who provides ADIFA with their Personal Data may, at any time and free of charge – in compliance with the applicable legislation – exercise their rights to access, rectify, erase (or de-index) their Personal Data or, depending on the applicability of such options, the right to limit or oppose the processing and portability of their Personal Data.
Likewise, with regard to the processing of Personal Data that has been the object of consent on the part of the Data Subjects, the Data Controller ensures that the Data Subjects are able to exercise their right to revoke their consent, in compliance with all applicable legal provisions.
All the above rights should be exercised, alternatively, through the following platforms and as far as technically possible: Email address: geral@adifa.pt Registered Postal Mail with Acknowledgement of Receipt: ADIFA – Associação de Distribuidores Farmacêuticos Avenida da República n.º 50 – 2.º Piso 1050-196 Lisboa. On the website at www.adifa.pt
The Data Controller complies and will comply scrupulously with all the mandatory information rights provided for in the applicable legislation, within the scope of the respective contractual relationships entered into between ADIFA and the Data Subjects.
The Data Controller undertakes, at all times and in any event, to comply with the legally prescribed deadlines for the completion and execution resulting from the exercise of ARCO rights by any Data Subject.
In any case, the Data Subject may, if they consider that the Controller has violated or may have violated their rights under the applicable data protection legislation, lodge a complaint with the National Data Protection Commission.
The Data Subject undertakes, in any of the technological tools made available by the Controller, to exercise the utmost caution in order to avoid any unauthorized access to their Personal Data, maintaining total confidentiality of their password and of the information that may appear in their personal account (if any).
In the event that the Data Subject or any other user of any of the technological tools made available by the Controller provides false or inaccurate information to the Controller, the latter cannot be held responsible for such circumstance.
Any Personal Data that is not duly identified as “optional” or “optional” in the forms provided by the Controller or by any entity organizing an event sponsored and coordinated by the Controller shall be required to be filled in in order to comply with the aforementioned purposes.
As such, if the Personal Data Subject does not provide the Personal Data necessary to fulfill the purposes set out above, the Data Controller will not be able to comply with their request.
Bearing in mind the great concern and commitment shown by the person in charge in defending privacy issues, various technical and organizational security measures have been adopted in order to protect the personal data made available to us against its dissemination, loss, misuse, alteration, unauthorized processing or access, as well as against any other form of illicit processing.
In this sense, the personal data collection forms require encrypted sessions and all the personal data you provide us with about yourself is stored securely in the systems contracted by the Responsible Party – or covered within the scope of the provision of shared administrative services contracted with other entities, identified in point 5. above – with additional access control, covered by all the physical and logical security measures that we believe are indispensable for the protection of your Personal Data.
For further clarification, please contact the person in charge using the means identified in point 2. above.
Bearing in mind the great concern and commitment shown by the person in charge in defending privacy issues, various technical and organizational security measures have been adopted in order to protect the personal data made available to us against its dissemination, loss, misuse, alteration, unauthorized processing or access, as well as against any other form of illicit processing.
In this sense, the personal data collection forms require encrypted sessions and all the personal data you provide us with about yourself is stored securely in the systems contracted by the Responsible Party – or covered within the scope of the provision of shared administrative services contracted with other entities, identified in point 5. above – with additional access control, covered by all the physical and logical security measures that we believe are indispensable for the protection of your Personal Data.
For further clarification, please contact the person in charge using the means identified in point 2. above.
The Controller obtains technical information from the user’s device whenever the user visits the website, by any of the means at its disposal.
The Controller uses, through its platform, the services provided by Google LLC, whose registered office is at 1600 Amphiteatre Parkway Mountain View California, 64043, United States (“Google”).
Google uses different types of Cookies to run its website and ad-related products. For further information or clarification, please consult our Cookie Policy, available at www.adifa.pt, or visit https://policies.google.com/technologies/types.
This Privacy Policy is produced and fully subject to Portuguese Law and the GDPR.
The Controller reserves the right to amend its Privacy Policy described herein or any terms and conditions of Sectoral Privacy Policies, always in full compliance with applicable national and EU legislation.