Privacy Policy

This Privacy Policy explains how OPTIMAPHARM d.o.o., Ulica grada Vukovara 284, HR-10000 Zagreb, OIB: 16918922152 (and each affiliate and subsidiary thereof – collectively referred to as "OPTIMAPHARM") processes your Personal Data. OPTIMAPHARM is focused on the protection of your Personal Data and their processing in accordance with the General Data Protection Regulation and the Croatian Law on Implementation of the General Data Protection Regulation and/or any other applicable law or regulation relating to the protection of Personal Data. Please read these rules carefully in order to understand why and how we are collecting your Personal Data and how we intend to use it. OPTIMAPHARM is data controller of your Personal Data. We have appointed a Data Protection Officer, and you can contact the officer via e-mail: data.protection.officer@optimapharm.eu or by regular postal service via: OPTIMAPHARM d.o.o., Ulica grada Vukovara 284, HR-10000 Zagreb, marked "To Data Protection Officer".

OPTIMAPHARM conducts every business transaction (including without limitation, operations, negotiations, and marketing) with integrity and complies with the relevant laws and regulations of each country in which OPTIMAPHARM operates or is looking to operate. All OPTIMAPHARM personnel are expected to conduct OPTIMAPHARM business legally and ethically and with respect to maintaining privacy in communication. The core aspect of OPTIMAPHARM’s business is information related to the provision of clinical trials management or related services for the pharmaceutical, biotechnology and medical devices industry corresponding to human clinical research studies. Given the nature of our work, the protection of Personal Data is critical for our company and our customers. For these reasons, OPTIMAPHARM has a comprehensive privacy program designed to respect and protect data privacy rights. OPTIMAPHARM processes personal data only when at least one legal basis for processing applies. This includes the following: • Processing personal data when the person has given consent to the processing of his or her personal data for one or more specific purposes. This basis may be used for things like keeping CVs after job applications. • Processing personal data when this is a legal obligation. This applies in cases when OPTIMAPHARM must process and retain personal data based on local or international law, such as accounting law that requires keeping records of payments or labour law which requires keeping data about employee benefits, etc. • Processing personal data when this is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. For example, this applies to HCPs or individual vendors when they sign service agreements or other contracts with OPTIMAPHARM. • Processing based on a certain legitimate interest pursued by OPTIMAPHARM, in which case OPTIMAPHARM will assess if interests or fundamental rights and freedoms of the natural persons whose data is processed override OPTIMAPHARM’s interest for such processing. This includes things like event photos or business-related newsletters. Your Personal Data is processed because of the legal requirements, or processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract or for the purposes of our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subjects which require protection of Personal Data. If Personal Data cannot be processed based on aforementioned legal basis, we will request your consent. If processing is based on your consent, you have the right to withdraw consent at any time. You can notify us about the withdrawal of the consent at any given time via e-mail address: data.protection.officer@optimapharm.eu or via address: OPTIMAPHARM d.o.o., Ulica grada Vukovara 284, HR-10000 Zagreb. Such withdrawal will not have an effect on the lawfulness of processing based on consent before its withdrawal. Your Personal Data is processed only when it is necessary to fulfil rights and obligations that will arise from business relations, for marketing purposes or for improving our businesses and your user experience. Personal Data is mostly collected directly from you when you fill out a specific form or through the publicly available information.

OPTIMAPHARM collects Personal Data for the unique identification of users, project analysis and implementation, marketing and other types of technical support. When a user engages in specific activities on the www.optimapharm.eu website OPTIMAPHARM may ask the user to provide certain additional personal information. In that case, prior to providing additional personal information, the user is required to review this Privacy Policy and agree to their use with respect to additional information. On the web site www.optimapharm.eu, OPTIMAPHARM collects personal information of the respondents such as name, age, gender, email address, zip code, city, IP address and language. When entering into business relations, we need information about appointed contact person for communication with OPTIMAPHARM, especially name, surname and e-mail address. We collect Personal Data that you provide by filling out online forms (name and contact). For the purpose of marketing and based on OPTIMAPHARM’S legitimate interest the clients’ email addresses, if the client engages in business with OPTIMAPHARM or has done so in the past, may be added to an OPTIMAPHARM newsletter list. For this purpose we process client email addresses which may contain personal information such as names and work position information. Any clients whose emails are on the newsletter list may opt out of the newsletter at any time, by contacting OPTIMAPHARM directly, or by using an opt out link in any OPTIMAPHARM promotional message. Furthermore, OPTIMAPHARM collects and processes Personal Data: Optimapharm collects and processes the following Personal Data: FROM ITS EMPLOYEES AND CONTRACTORS, for the purpose of execution of employment contracts signed with each Employee i.e., Consultancy Agreements signed with Contractors, as well as relating to the personnel, administrative, payroll, or other employment/contracting business purposes, processing some or all of the following data: Personal data from these persons, depending on the type of contract, and maintains records in accordance with local regulations governing the content and method of keeping records of persons employed by an employer. These records contain data on Employees who perform tasks at OPTIMAPHARM based on employment contracts, data on natural persons who perform tasks for OPTIMAPHARM based on other contracts or special regulations, and data on the working hours. This data includes first and last name, personal identification number, gender, day, month and year of birth, citizenship, residence, residence permit, residence and work permit or work registration certificate, if the Employee who is a citizen of a third country is required to have them, professional education and special exams and courses that are a requirement for performing work, certificates, licenses, certificates, etc., date of work start, job title, i.e. nature or type of work for which the person is employed, type of employment contract, date and reason for termination employment relationship, i.e. termination of employment for temporarily assigned Employees, date of submission of application (start, changes, termination) for mandatory insurance of Employees as insured persons based on employment, including voluntary pension insurance, if the employer participates in the payment such insurance, and mandatory health insurance during work abroad, the name of the contract or act on the basis of which the person works at OPTIMAPHARM, and proof of compliance with the prescribed conditions for performing those jobs. FROM VENDORS, SPONSORS AND CLIENTS, for purpose of execution of the services specified in the signed Service Contract/Service Agreement, and for the purpose of maintaining a newsletter list, OPTIMAPHARM collects and processes some or all of the following data from their Employees, Contractors or Collaborators: name; job title; employer; address, VAT number; ID card/passport details; photograph; professional email address; professional telephone number (including mobile telephone number); personal email address; personal telephone number (including mobile telephone number); data related to transactions including transactions’ purposes; academic and professional qualifications; tax ID; government identification number; bank account details; educational training; images and sounds. We may occasionally contact interested parties or parties that have done business with us in the past with our news, offers, and surveys. FROM JOB CANDIDATES, for the purpose of employment, the information that OPTIMAPHARM collects and processes may include: any application materials such as candidate’s Curriculum Vitae, application letter and information that candidates submit voluntarily by themselves and that are collected about the candidate during the application process, results of testing (if applicable) and any related correspondence. FROM VISITORS, for purpose of ensuring controlled access to the Company premises and in accordance with relevant Company’s Security Access Policies, OPTIMAPHARM collects full name and address/company name from each visitor entering the Company’s premises by means of completion of the Visitor’s Sign in Log which is part of relevant Company’s Security Access Policies. FROM INVESTIGATORS, for purpose of execution of services related to the conduct of clinical and noninterventional studies as specified in the signed Contract/Agreement or for purpose of study feasibility analysis, OPTIMAPHARM collects and processes some or all of the following data: Investigators’ full name; job title; home address; date of birth; email address (personal and/or official); telephone number; fax number; mobile phone number; institution details/address; academic and professional qualifications; medical licence number; employment details; clinical trial experience and performance history; conflicts of interests or potential conflicts in relation to participation in clinical trials (if relevant); tax ID number (if relevant); bank account details; personal identification (ID) number. FROM STUDY SITE PERSONNEL, for purpose of execution of services related to the conduct of clinical and noninterventional studies specified in the signed Contract/Agreement, OPTIMAPHARM collects and processes some or all of the following data: persons’ full name; job title; home address; date of birth; email address (personal and/or official); telephone number; fax number; mobile phone number; employment details; institution details/address; academic and professional qualifications; clinical trial performance history; tax ID number; bank account details; personal identification (ID) number. FROM INSTITUTION PERSONNEL OPTIMAPHARM collects and processes for the purpose of executing the Contract/Agreement some or all of the following data: persons’ full name; job title; email address (personal and/or official); telephone number; fax number; mobile phone number; institution details/address; academic and professional qualifications. OPTIMAPHARM will use such Personal Data in order to provide the requested information and/or services. Such uses may include processing requested transactions, improving the quality of our services, sending communications about the products and services available through OPTIMAPHARM, and enabling our business partners and Processors/Subprocessors to perform certain activities on our behalf. OPTIMAPHARM may also use the Personal Data collected above to comply with our legal and regulatory obligations, policies and procedures, and for internal administrative purposes. FROM WEBSITE VISITORS, OPTIMAPHARM collects identifiers and statistical data on visits and use of individual pages within optimapharm.eu for the purpose of analysing and improving the user experience.

OPTIMAPHARM as a Controller can process Personal Data only and to the extent of the following basis for the processing: the data subject has given consent to the processing of his or her Personal Data, processing is necessary for the performance of a contract to which the data subject is party or in order to take step at the request of the data subject prior to entering into a contract, processing is necessary for compliance with a legal obligation to which the controller is subject, processing is necessary in order to protect the vital interests of the data subject or of another natural person, processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data, in particular where the data subject is a child.

Please note that you have the following rights:

The technical and organizational security measures of OPTIMAPHARM are robust and encompass various critical aspects to ensure the protection of personal data is held to an appropriate standard. Security policies and procedures are defined and regularly reviewed, ensuring equivalency with information security standards like ISO 27001. Roles and responsibilities related to personal data processing are individually assigned and periodically reviewed, emphasizing accountability and smooth transitions during organizational changes. Access control policies adhere to the principle of least privilege, managing permissions based on roles. Change management procedures are strictly followed, ensuring all IT system modifications are monitored and approved. OPTIMAPHARM implements stringent access controls across its IT systems, employing robust authentication mechanisms and prohibiting shared accounts except where necessary and controlled. Data at rest and in transit is protected through encryption and pseudonymization techniques. Incident response and business continuity plans are documented, with immediate engagement of our Data Protection Officer and relevant authorities under current personal data protection law. To support business continuity, OPTIMAPHARM maintains comprehensive procedures and controls to minimize disruptions to personal data processing operations. In terms of Human Resources, confidentiality obligations are ingrained in employee induction processes, complemented by regular training sessions to uphold data protection and security awareness. Comprehensive backup procedures are in place to ensure data resilience, with encrypted backups securely stored and managed by our IT vendors. Data deletion and disposal procedures adhere to secure methods, utilizing software-based overwriting or physical destruction where necessary. Finally, physical security measures safeguard both digital infrastructure and physical documents, ensuring non-authorized access is prevented through robust physical barriers and stringent access controls.

We store the personal data that we collect about you in a secure environment. Your personal data is protected from unauthorized access, disclosure, use, alteration or destruction by any organization or individual. Information collected for aforementioned purposes will be stored only as long as it is necessary for the mentioned purposes. Your Personal Data will not be kept in a form that enables your identification longer than OPTIMAPHARM reasonably considers it is necessary to fulfil the purpose for which they have been collected and processed. OPTIMAPHARM will store certain Personal Data for a period of time that is laid down by law or regulation binding OPTIMAPHARM to store data. If you have given us your consent, your Personal Data will be processed until consent is withdrawn. If you file a grounded objection against the processing of Personal Data based on a legitimate interest your Personal Data will not be processed in the future. Personal Data can be processed until the end of a court, administrative or extrajudicial proceeding, including the period for submitting legal remedies. OPTIMAPHARM shall keep certain Personal Data for a period of time that is laid down in law or regulations binding the controller to store data.

With aforementioned, your Personal Data can be given to our trustworthy partners who maintain our IT system or provide services in the name of OPTIMAPHARM. Example wise, for marketing, finance, advertising, payment processing, delivery and other services. Aforementioned service providers are obligated, according to relevant contracts, to use the entrusted data only in accordance with our regulations and exclusively for strictly declared purposes. They are also obligated to adequately protect your data and to keep your data a professional secret.

OPTIMAPHARM as a controller can transfer Personal Data outside the European Economic Area if it is necessary for the execution of contracts between OPTIMAPHARM and the data subject or for fulfilling legal obligations. In that case OPTIMAPHARM, at the time when Personal Data are obtained, provides the data subject with information about intends to transfer Personal Data to a third country and specify which country or international organisation with a name of organisation. Transfer of Personal Data is only allowed to countries which provide an adequate level of data protection – based on an adequacy decision, or through Standard Contractual Clauses adopted by the European Commission, by using binding corporate rules, or by complying with another approved certification mechanism when transferring Personal Data from the European Economic Area to third countries for which there is no adequacy decision in force.

In order to maintain our website and to ensure its functionalities are on the expected level, OPTIMAPHARM uses a technology known as “cookies”. Cookies are small files that are saved on your computer and information that was stored in them can later be accessed again by the same or different web site. They can be temporary or permanent. Thanks to cookies, you can search our web sites without difficulties and access information that is relevant to you. You can find more information about cookies in our Cookie Policy.

The website www.optimapharm.eu may contain links to and from third party websites. This Policy only applies to this website – when Users are linked to other websites they should read privacy policies of the destination websites. OPTIMAPHARM processes personal data through its social media interactions on LinkedIn and Google (YouTube, for promotional videos hosting) platforms. Our business accounts on these social media platforms are managed by OPTIMAPHARM but personal data contained in the messages/posts is not logged or stored outside the respective social medial platform, and no further processing of such personal data is carried out by the OPTIMAPHARM. To learn more about the Privacy Policy of LinkedIn and Google please visit: 1. LinkedIn Privacy and DPO contact https://www.linkedin.com/legal/privacy-policy https://www.linkedin.com/help/linkedin/ask/TSO-DPO 1. Google Privacy and DPO contact https://policies.google.com/privacy https://support.google.com/policies/contact/general_privacy_form?sjid=437248818756370870-EU If you are located in the EEA, you also have the right to lodge a complaint with LinkedIn’s and Google’s lead supervisory authority in Ireland, the Irish Data Protection Commissioner, or your local supervisory authority. We may use other third-party services to conduct our occasional surveys.

For statistical analysis and measurement, the website www.optimapharm.eu also uses Google tools, specifically Google Analytics – a service for measuring traffic and website performance. You may opt in to analytics when you visit the site. These policies do not apply to services and third parties that have separate privacy policies, however, in accordance with the regulations related to the protection of personal data OPTIMAPHARM is obligated to inform their users about the data collected by Google providing its services to other natural and legal persons. Data collected through the Google Analytics tool is NOT forwarded or shared by OPTIMAPHARM with Google for their own use. However, the processing of data by Google as part of your use of social networks and other tools cannot be influenced by OPTIMAPHARM. Please read the sections of these policies carefully to know how Google processes your personal data. The information collected by Google Analytics includes the following information which may be considered personal data: Measurement ID (identifies your website/app) (Anonymized), Indicates if data is sent from Google Tag Manager (for internal tracking), Product (website or app), Geo-Code ID (broad location) (Anonymized), Do Not Track (DNT) header sent by browser, Combined Statistical Area (rough geographic location) (Anonymized), Designated Market Area (rough geographic location) (Anonymized), Client ID (unique identifier for a user’s device) (Anonymized), User language, Screen resolution, User Agent (browser information), App Version (for apps), Flash Version (if applicable), Mobile Brand (for mobile devices), Mobile Model (for mobile devices), App Name (for apps), App Version (for apps), Ad Blocker (indicates if an ad blocker is present), Anti-Referral Exclusion (prevents referral spam), Page/Screen Custom Dimensions List (custom data associated with the page), Session ID (unique identifier for a user’s visit), Session ID (alternative identifier for a session), Session count (number of sessions recorded for a user), Session engagement (1 if user interacted with the website/app), Document Location (URL of the page), Document Referrer (URL of the referring page), Document Title (title of the page), Engagement Time (time spent on the website/app), Enhanced E-commerce data (if enabled, tracks user purchases), Timezone offset from UTC (user’s time zone). In addition, Google collects information about the interaction of applications, browsers, and devices with Google services, including IP address, crash reports, system activity, and the date, time, and referral URL for the respondent’s request, if you use a Google account or device. Google collects information when a Google service on your device contacts Google servers – for example, when you install an app from the Play Store or when the service checks for automatic updates. If you use an Android device with Google applications, your device periodically contacts Google servers to provide device information and connect to their services. This includes information such as device type, mobile operator name, crash reports, and applications you have installed. For what purposes does Google collect your data Google may use your information to ensure the proper functioning of services, for example by monitoring downtime or resolving issues you report. Furthermore, Google uses the data for analytical and measurement purposes. For example, Google analyses information about your visits to Google sites and uses information about ads you interact with. When you visit sites that use Google Analytics, Google and a Google Analytics user may associate information about your activity on that site with activity on other sites that use Google advertising services. The information we collect, such as your email address, is used by Google to interact directly with you. For example, it may send you a notification if it detects suspicious activity, such as an attempt to sign into your Google Account from an unusual location, or it may notify you of upcoming changes or improvements to services. In the event that you contact Google, Google records a request record to help resolve your issue. Google uses automated systems that analyse your content to provide customized search results, customized ads, or other features tailored to your use of our services. Google also analyses your content to detect abuse, such as unwanted, malicious, or illegal content. Algorithms are also used to identify patterns in Google data. For example, Google Translate helps people communicate in different languages by revealing common language patterns in the phrases you are looking for translation. For the purposes described above, Google may combine the data collected from its services and all of your devices. Depending on your account settings, your activity on other sites and applications may be linked to your personal information in order to improve Google services and the ads that Google displays. If other users already have your email address or other credentials, Google may show them your publicly visible Google Account information, such as your name and photo. For example, they can more easily recognize the email you send them. Više o Googleovim pravilima privatnosti možete saznati na poveznici: https://policies.google.com/privacy?hl=hr.

This Policy enters into force from the day of publishing on the website www.optimapharm.eu. We keep our Privacy Policy under regular review, and we will publish any updates on this web page.