Please read this privacy notice carefully as it contains important information on how HealthActiv handles the personal data of its stakeholders.
1. Who are we?
HealthActiv (“we”, “us” or “our”) is a trading department of IBL Ltd (the largest listed conglomerate in Mauritius) specialised in the marketing and distribution of a vast range of pharmaceutical, consumer health and animal health products as well as medical devices, medical and laboratory equipment, and consumables.
Our registered office is situated at IBL House, Caudan Waterfront, Port Louis, Mauritius and our principal place of business is situated at 15 Reserves Street, Les Salines, Port Louis, Mauritius.
HealthActiv respects your privacy, and is committed to protecting the privacy, confidentiality and security of the personal data you provide us when you use our website, when you contact our office, when you report an adverse event (pharmacovigilance reporting) or when you otherwise interact with us.
2. Which personal data we collect?
When interacting with you, we may collect the following personal data for the purposes of our business activities (refer to section 3 below), pharmacovigilance purposes (refer to section 6 below) or when you apply for a job through our website:
Also, when you choose to receive our marketing communications (including newsletters, promotional and special offers), we ask that you provide us with your email address. The provision of this information is purely voluntary, and you may opt out of receiving our marketing communications at any time by unsubscribing to these communications.
Refer to section 6 below for specific details on how we handle pharmacovigilance data.
3. How and why we use your personal data?
We use your personal data in the course of our business activities and interaction with you for the following purposes:
4. To whom do we disclose personal data?
Your personal data may be shared as follows:
We will ensure that your personal data is kept safely. Only designated persons will have access to your personal data on a strictly need-to-know basis for the purposes of fulfilling our agreement, treating job applications or promoting our business relationship with you. In addition, third parties with whom we share your personal data will be contractually obliged to safeguard all personal data to which they have access.
Some disclosures do not require your consent. This happens when we share your personal data with (i) law enforcement bodies/agencies, regulatory authorities, and other statutory authorities, if required by law and (ii) if required or authorized by law or if we suspect any unlawful activities on your part.
Refer to section 6 below for specific details on how we handle pharmacovigilance data.
5. Overseas transfers of your personal data
In some cases, we may need to transfer your personal data with organisations located in countries outside our territorial limits in order to provide our services to you or execute a pharmacovigilance disclosure. We will take appropriate safeguards in order to secure the personal data being transferred.
Please note that:
As a player in the human healthcare sector, HealthActiv has a duty to monitor the safety of the products distributed to patients by collecting and reporting to manufacturers and authorities, where applicable, adverse events that patients may have suffered.
Such monitoring of adverse events is called pharmacovigilance (“PV”). PV requirements exist to allow us, our suppliers and competent regulatory authorities (such as the Ministry of Health and Wellness in Mauritius and other foreign authorities issuing approvals for product manufacturing) to manage adverse events and to protect public health and ensure the highest standards of quality and the safety of all products marketed locally.
Our PV obligations require us to process personal data of a patient and/or the reporter of an adverse event that we receive in order to comply with our PV reporting obligations towards manufacturers and relevant regulatory authorities.
Hence, we may need to process the following personal data:
About the Patient:
(i) Initials, date of birth, age group, gender, weight, height
(ii) Information about health, racial or ethnic origin and sexual life;
(iii) Medical history and status, which may include for example:
(a) details of the product suspected to cause the adverse event, including the dosage taken or prescribed, the reason why the patient has been taking or has been prescribed the product and any subsequent change to the patient’s usual regimen;
(b) details of other medicines or remedies taken by the patient or that were taken at the time of the adverse event, including the dosage taken or prescribed, the period of time the patient has been taking that medicine, the reason the patient was taking that medicine and any subsequent change to the patient’s regimen; and
(c) details of the adverse event suffered, the treatment received for that event, and any potential long-term effects the adverse event has caused to the patient’s health; and other medical history considered relevant by the reporter, including documents such as lab reports, medication histories and patient histories.
About the Reporter (if other than the Patient):
(i) Name, surname, contact details (which may include residential address, e-mail address, phone number or fax number);
(ii) Profession (this information may determine the questions asked about an adverse event, depending on assumed level of medical knowledge); and
(iii) Relationship with the subject of the report.
Pursuant to our PV obligations, we may process your personal data to:
Furthermore, in compliance with our PV obligations, we may share and/or disclose your personal data:
Overseas transfer of PV data
Our PV databases are hosted in North Europe - Ireland.
As mentioned above, pursuant to our contractual and/or mandatory obligations, we are required to transfer your personal data as a matter of PV reporting to such concerned third parties (including manufacturers and regulators) involved in the manufacturing chain which have their databases abroad. In such cases, the processing and safeguarding of Personal Data by these third parties will be governed by the terms of their respective privacy notices.
7. Direct Marketing
From time to time, we could use your name and contact information to send you either via emails, post, or social media information that we think may be of interest to you, including stories, events, products and services offered by HealthActiv or a company of the IBL Group as well as special offers and promotions and surveys but we can only do so with your consent.
You will also be able to opt-out from receiving marketing communications at any time, free of charge, by following the unsubscribe instructions contained in each of our marketing communications or by contacting us in accordance with the section “Contact Us” below.
8. How long do we keep your information?
Your personal data will be stored for as long as required to fulfil our business purposes, pharmacovigilance purposes and for the period of time required by law. To the extent required by law, we will take reasonable steps to destroy or anonymise personal data in a secure manner when we no longer need it for the purposes for which it was collected (as set out in section 3 of this notice) and retention is no longer necessary for legal or business purposes. Regarding PV data, our obligation is to retain such data (which may include personal data) at least for the duration of the relevant product life-cycle and for an additional ten years after the respective pharmaceutical product and medical device has been removed from the market (or for thirty-five years in some cases).
9. Processing of personal data must be justified
We will only process your personal data where we are satisfied that we have an appropriate legal basis to do so, such as (i) for the performance of a contract between us; (ii) where you have provided us with your express consent to process your personal data for a specific purpose; (iii) our use of your personal data is necessary to fulfill our statutory obligations with relevant authorities (regulators, tax officials, law enforcement bodies) or otherwise meet our legal responsibilities; (iv) our use of your personal data is in our legitimate interest as a commercial organisation.
Where we process special categories of personal data, we will do so in compliance with the requirements of section 29 of the Mauritian Data Protection Act 2017.
10. Security of personal data
HealthActiv has in place reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring.
We cannot guarantee that our website will function without disruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.
11. Children and Minors
Except where required by local laws, we do not knowingly collect personal data from minors. If you are a minor, you may only use our website and services with the permission of your parent or guardian.
12. Links to other websites
13. Access to your personal data
You have the right to request a copy of the personal data we hold about you. To do this, simply contact our Data Protection Officer and specify what data you would like. We will take all reasonable steps to confirm your identity before providing details of your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
14. Correction of your personal data
You have the right to ask us to update, correct or delete your personal data. We will take all reasonable steps to confirm your identity before making changes to personal data we may hold about you. We would appreciate it if you would take the necessary steps to keep your personal data accurate and up-to-date by notifying us of any changes we need to be aware of.
15. Withdrawal of consent and request for deletion of personal data
You may also withdraw your consent to receiving direct marketing communications, or more generally to our processing of your personal data, at any time, and you may in certain circumstances ask us to delete your personal data. However, we may not be able to fulfil our contractual obligations to you if you entirely withdraw your consent or ask us to delete your personal data entirely. To protect your personal data, we shall require that you first prove your identity to us at the time the request is made, for instance by providing a copy of your national identification card, contact details or answering some other security questions to satisfy ourselves of your identity before we may proceed with your request(s).
Whenever reasonably possible and required, we will strive to grant these rights within 30 days, but our response time will depend on the complexity of your requests. We will generally respond to your requests free of charge unless if your request involves processing or retrieving a significant volume of data, or if we consider that your request is unfounded, excessive or repetitive in which case we reserve the right to charge a fee (as mentioned above regarding access).
There may be circumstances where we are not able to comply with your requests, typically in relation to a request to erase your personal data or where you object to the processing of your personal data for a specific purpose or where you request that we restrict the use of your personal data where we need to keep your personal data to comply with a legal obligation (including a pharmacovigilance situation) or where we need to use such information to establish, exercise or defend a legal claim. To make these requests, or if you have any questions or complaints about how we handle your personal data or would like us to update the data we maintain about you and your preferences, please contact our Data Protection Officer at the address set out under section 19 below.
16. Cookies policy
What is a cookie?
Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any data stored on your computer or your files. When a server uses a web browser to read cookies, they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.
How are third party cookies used?
How do I reject and delete cookies?
17. Amendments to this Privacy Notice
We may amend this privacy notice from time to time. Any amendment will be posted on our website so that you are always informed of the way we collect and use your personal data. Any changes to this privacy notice will become effective upon posting of the revised privacy notice on the website. Use of our website following such changes constitutes your acceptance of the revised privacy notice then in effect but, to the extent such changes have a material effect on your rights or obligations as regards our handling of your personal data, such changes will only apply to personal data after the changes are applied.
This privacy notice is governed by and shall be construed in accordance with the laws of the Republic of Mauritius. This privacy notice is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this privacy notice, the English version shall prevail.
19. How to contact us?
As a trading department of IBL Ltd, the Data Protection Officer of IBL Ltd also oversees compliance with and questions in relation to HealthActiv’s privacy notice. If you have any questions about this notice, including any requests to exercise your legal rights, please contact the Data Protection Officer using the details set out below:
Regarding PV data, you may also contact:
If you believe we have not handled your request in an appropriate manner, you may lodge a complaint with the Data Protection Commissioner (DPC) (The Data Protection Office, 5th floor, SICOM Tower, Wall Street Ebène, Mauritius). However, we ask that you please try to resolve any issues with us first before referring your complaint to the DPC.
Version dated 21 May 2022