Teva Privacy Notice for Pharmacovigilance, Medical Information and Product Complaints

Ensuring patient safety is extremely important to Teva Canada Limited and Teva Canada Innovation G.P.-S.E.N.C. (“Teva”, “we” and “us”) and we take the safe use of all our products seriously. Teva needs to be able to get in touch with people who contact Teva about our products in order to follow-up and obtain further information, give answers to requests or to send requested material. This Privacy Notice for Pharmacovigilence, Medical Information and Product Complaints describes how we collect and use “Personal Information” (which means information about an identifiable individual (“you”)) to help us fulfil our pharmacovigilance, product/quality complaint and medical inquiry obligations/requests to monitor and ensure the safety and quality of all our products, including medicines and medical devices that we sell or have in clinical development.

Scope of this Privacy Notice

This Privacy Notice applies to information we collect from or about you online (such as through our website, social media, chatbox or live chat), by phone, fax, e-mail or post, as part of Teva complying with any applicable adverse event, quality or medical inquiry or reporting regulations.

An “adverse event” means an unwanted, unintended or harmful event in relation to the use of a Teva product. With respect to medical devices, it also includes “incidents” and for cosmetics "serious undesirable effects", but for ease of reading, only the term “adverse event” will be used in this Privacy Notice. Pharmacovigilance legislation require us to take detailed records of every adverse event about which we become aware, to us to allow the event to be evaluated and collated with other adverse events recorded about that product.
If you are a patient, with your consent, we may also be provided with information about you by a third party reporting an adverse event that affected you. Such third parties may include medical professionals or healthcare providers, lawyers, relatives or other members of the public.

Information Regarding Personal Information Processing

We may collect Personal Information about both the patient who is the subject of an adverse event (“Patient”) and the individual who reports the adverse event (“Reporter”). If you contact us about an adverse event report affecting yourself, we will collect information about you as outlined below in your capacity as both the Reporter and the Patient.

Pharmacovigilance	Medical Inquiry	Quality Complaint
What information do we collect? Patients
The Personal Data that we may collect about you when you are the subject of an adverse event report is: Name or initials Contact details for follow up purposes (when relevant) age (date of birth, if provided) gender weight, height details of the product causing the reaction and your use of it details of other medicines or remedies you are/were taking at the time of the reaction details of the adverse reaction you suffered, the treatment you received for that reaction, and any long-term effects the reaction has caused other medical history considered relevant by the reporter, including documents such as lab reports, medication histories and patient histories. This may include information that is considered by law to be “sensitive (health, ethnicity, religion, sexual life).	The Personal Data we may collect about you when you are the subject of a medical inquiry report is: Name Contact details (for follow up purposes) Details of your inquiry as provided by you This may include information that is considered by law to be “sensitive (health, ethnicity, religion, sexual life).	The Personal Data we may collect about you when you are the subject of a quality complaint report is: Name Contact details (for follow up purposes) Details on the relevant product and events This may include information that is considered by law to be “sensitive (health, ethnicity, religion, sexual life).
What information do we collect? Reporters
The Personal Information that we may collect from and about you when you are the reporter of an adverse event report, medical information request or product complaint report is: Name Contact details Profession (to determine the questions you are asked about an adverse event, depending on your assumed level of medical knowledge) Relationship with the subject of the report. Where you are also the subject of a report, this information may be combined with the information you provide in relation to your reaction.
Why do we collect it?
To manage and process adverse event reports on our products. Pharmacovigilance and related legislation require us to ensure that adverse events are traceable and available for follow-up. As a result, we must keep sufficient information about reporters to allow us to contact you once we have received the report.	To manage and respond to your medical inquiry requests.	To manage and respond to your quality complaints and to meet quality control requirements. Product safety and related legislation require us to ensure that reports are traceable and available for follow-up. As a result, we must keep sufficient information about reporters to allow us to contact you once we have received the report.
Transfers of Personal Information
Teva pharmacovigilance databases are stored in Israel. These are administered and supported by Teva’s pharmacovigilance teams in Israel, Romania, Germany, India and the United States. Teva also engages a data processing company in India (Accenture) for data entry, administration and data cleansing of a limited part of the pharmacovigilance database.	Our medical inquiries database is hosted by a third party in Europe. Because Teva is a global company, access to these databases may be provided to our global quality and medical teams, however in all cases, only strictly to what is required in order for our teams to complete their responsibilities and where possible, only in pseudonymised form.	Our quality complaints database is hosted within Teva in the USA. Because Teva is a global company, access to these databases may be provided to our global quality and medical teams, however in all cases, only strictly to what is required in order for our teams to complete their responsibilities and where possible, only in pseudonymised form.
As indicated above, certain Teva services are operated outside Canada or the province in which you reside (which may include transfer outside of Quebec for Quebec residents), and laws in such other jurisdictions may differ from the laws where you reside. Purposes of Data Processing Personal Information is processed where relevant and necessary to document your adverse effect and to meet our pharmacovigilance, safety, quality and other legal requirements. The legal requirements exist to allow us and competent authorities (such as Health Canada) to evaluate adverse events, quality complaints or medical inquiries and make efforts to prevent similar events from happening in the future. We also process this Personal Information to respond to any request, complaint or inquiry made by you (follow up).
Data Retention Any Personal Information which is collected for any of the above purposes will be retained in pseudonymised form (when possible and only after any necessary follow up), in a fully secured manner, and retention of your information is minimized in accordance with applicable data protection laws. Because patient and product safety is so important, we retain pseudonymised information we gather about adverse events, quality complaints or medical inquiries to ensure that we can properly assess the safety and suitability of our products over time. As we operate as a global company, in order to meet international legal requirements, this information is retained for a period 30 years following life of the product market authorisation.

How We Use and Share Personal Information

We may use and share Personal Information to:

investigate the adverse event, quality complaint or medical inquiry;
contact you for further information about the adverse event, quality complaint or medical inquiry you reported;
collate the information about the adverse event, quality complaint or medical inquiry with information about other adverse events, quality complaint or medical inquiries received by Teva to analyse the safety of a batch, Teva product or active ingredient as a whole (such analysis is conducted only using pseudonymised information); and
provide mandatory reports to national and/or regional authorities, in accordance with Teva’s legal requirements, so that they can analyse the safety of a batch, Teva product or active ingredient as a whole alongside reports from other sources (only pseudonymised information is provided to such authorities).

Our pharmacovigilance and quality obligations require us to review patterns across reports received from every country where we market our products. To meet these requirements, information provided as part of an adverse event or quality report is shared within Teva on a worldwide basis through Teva’s global database. This database is also the platform through which Teva uploads adverse event reports to various oversight authorities, including the Eudravigilance database (European Medicines Agency corporate system for managing and analysing information on suspected adverse reactions to medicines which have been authorised in the European Economic Area) and other similar databases as required by law. We also maintain a global medical inquiry database in order to answer your inquiries and internally manage these answers. However, your Personal Information is pseundonymised or de-identified when possible in order to protect your privacy.

Your Personal Information will be transferred (or otherwise made available) to certain third parties that provide services on our behalf. We use service providers to provide services such as data storage and processing . Our service providers are only provided with the information they need to perform their designated functions and are not authorized to use or disclose Personal Information for their own marketing or other purposes. As indicated above, our service providers may be located in Israel, the USA, Canada or other foreign jurisdictions.

We and our service providers may disclose your Personal Information if we are required or permitted by applicable law or legal process, which may include lawful access by foreign courts, law enforcement or other government authorities in the jurisdictions in which we or our service providers operate. For information about the manner in which we or our service providers treat Personal Information, please contact us as set out in the “Contact Information” section of the Privacy Notice.

Personal Information collected from you in accordance with this Privacy Notice may also be transferred to a third party in the event of a sale, assignment, transfer, or acquisition of the company or a specific product or therapeutic area, in which case we would require the buyer, assignee or transferee to treat that Personal Information in accordance with the purposes for which the Personal Information was collected and applicable data protection laws.

Further Information Regarding Pharmacovigilance

We may also share Personal Information with other pharmaceutical companies who are our co-marketing, co-distribution, or other license partners, where pharmacovigilance legal obligations for a product require such exchange of safety information.

Additionally, in some cases, as part of our market authorisation for a particular product, you may be enrolled in a patient safety programme, in which case we will provide you with further information, at the time of your enrolment, on our additional Personal Information practices (such as any additional information sharing or transfers) that would be applicable to you.

We share information with national, regional and international authorities, such as Health Canada and the European Medicines Agency in accordance with pharmacovigilance laws. We are unable to control their use of any information we share, however note that in these circumstances, we do not share any information that directly identifies any individual (such as names or contact information) and we only share pseudonymised information.

We may publish information about adverse events (such as case studies and summaries); in such a case, we will remove identifiers from and otherwise ensure that no individual can be easily recognized from the information published.

Your Rights

You may be entitled under applicable law to ask Teva for a copy of your Personal Information, to update or correct it, restrict its processing or otherwise withdraw your consent to its processing, or to ask us to transfer some of this information to other organisations. You may also have rights to object to some processing. These rights may be limited in some situations – for example, where we can demonstrate we have a legal requirement to process or keep your Personal Information. You may exercise these rights by contacting Teva’s Data Protection Officer (contact information below). Please note that we may require you to provide certain information, including proper identification, before we comply with any request listed above.

We hope that we can satisfy any queries you may have about the way in which we process your Personal Information. If you have any concerns about how we process your Personal Information, you can get in touch with Teva’s Data Protection Office (see below for contact information).

Security

Teva implements reasonable measures to secure Personal Information from accidental loss and from unauthorised access, use, alteration or disclosure. Additionally, we have implemented further information security measures including access controls, stringent physical security and robust information collection, storage & processing practices.

Changes to this Privacy Notice

If we decide to change the substance of this Privacy Notice materially, we will post those changes through a prominent notice.

Contact Information

If you have any concerns about how we process your Personal Information or wish to exercise any of your rights or wish to obtain other information about our Personal Information practices including information about our practices as they relate to our service providers located outside of Canada, , you can get in touch with Teva Data Protection Office by contacting us:

For Canada, you can contact our [Privacy Officer] at PrivacyOfficerCanada@tevacanada.com or TCI.PrivacyOfficer@tevapharm.com

We hope that we can satisfy any queries you may have about the way in which we process your Personal Information. However, if you have unresolved concerns, you also have the right to complain to the data protection authority in the location in which you live or work.

Effective date: October 2022