Privacy policy

We respect your privacy and protect your personal data which you provide to us and which we collect based on this privacy policy (hereinafter – the Privacy Policy). Privacy Policy describes what data about you is collected by us, where this data is used and with whom and under what conditions this data can be possibly shared with the third parties. We also explain how we store and protect your data against misuse, and what rights you have with regards to the personal data you provide us with.

Data Controller

UAB Sveikuva

Legal code: 210893160

Address: Vytauto Ave. 23, 44352 Kaunas, Republic of Lithuania

(hereinafter – Sveikuva or We)

Sveikuva is a data controller for all the processing activities described below, excluding exceptions specified within this Privacy Policy.

Contact details for data protection matters UAB „Sveikuva“

E-mail: privacy@sveikuva.lt
When we collect personal data directly from e.g. job applicants, service providers, clients, or business partners, we act as a data controller. When we collect data from e.g. patients, health care specialists, we act as a data processor. As a data controller, in our Privacy Policy we inform data subjects about the purposes for which we collect and use their personal data. Where we act as a data processor, we cooperate with our clients and assist them in providing information to their patients, health care specialists and others regarding the purposes for which personal data is collected.

Your personal data is processed on the basis of the agreement, consent or legal interest of Sveikuva.

We may process your personal data for the following purposes:

3.1. Our website and cookies

You do not need to disclose your identity in order to use our website www.sveikuva.lt. To ensure proper and convenient use of our website, we use the necessary cookies. These cookies do not collect information that would allow to identify the user of the website.

3.2. Response to requests and queries

If you send us a request or query by using contact details provided in our website, in order to provide you with a response, we will process your contact details (e.g. name, surname, email address, tel. number, title of position, etc.), as well as other information provided to us by yourself.

We consider the need to store digital requests and quires on a regular basis. In any case, regular requests and queries submitted to us are permanently removed at least every 3 (three) years.

3.3. Job applicants

If job applicants submit us with their CVs directly or via employment websites, we process personal data (name, surname, e-mail, qualification, professional skills and competences, as well as other information provided within the CV) for the purpose of selecting proper candidates for vacancies. We process this personal data of applicants on the basis of their consent.

Once a position has been selected, personal data of the non-selected applicants shall be retained for 3 (three) months or longer if we are of the opinion that we will be able to offer a position to the applicant in the nearest future and when consent of the applicant is granted.

3.4. Clients and partners (Freelance Consultants)

Sveikuva provides its clients with consulting services as described below. Notwithstanding the type of the services provided, we collect and process the following data about the representative of our client (legal person): name, surname, position, telephone number, e-mail address, and fax number. Personal data is collected for the purpose of concluding and executing the agreement on provision of services, as well as in order to ensure proper communication with the client.

Due to our business model, in some cases we provide services through our business partners (freelance consultants). We collect and process the following data about our business partners:

  • legal persons: name, surname, position of representative, telephone number, e-mail address, and fax number.
  • natural persons: name, surname, personal code and/or date of birth, address, individual activity certificate number, tel. number, e-mail, and fax number.

Personal data is collected for the purpose of concluding and executing an agreement.

Additionally, to ensure the provision of proper services to our clients, we collect our partners’ CVs and personal data on a file to ensure that individuals working on specific projects have the qualifications needed.

3.5. Provision of services

Sveikuva provides its clients (pharmacy companies) with consulting services related to obtaining and maintaining marketing authorisations for medical products, as well as services of pharmacovigilance, pharmacovigilance trainings, translations, and localisations.

  • Registration of medical products and independent experts

If an independent expert opinion is required for the registration of a medical product, we collect expert’s CV and personal data on a file, and, if required, we additionally collect documents and data on files that confirm expert’s qualification, competence, and knowledge.

  • Pharmacovigilance services

We conclude agreements with our clients to provide them with the services of pharmacovigilance which include processing of information related to patients and potential adverse reactions of medications.

Usually we process the following information about the patients: country, date of birth and/or age, gender, medical data (e.g. type and details of adverse reactions, generic name of the drug, daily doses, indications for use, therapy dates and duration, and etc.). Normally, we do not process the initials of the patients unless we identify adverse reactions to a medication when analysing medical literature and initials of the patients are provided in medical publications (copy of a respective medical publication is normally attached to the case of suspected adverse reaction).

We may process the following information of the third parties that report potential adverse reactions (e.g. health care specialists): name, surname, profession, address, tel. number and e-mail address.

We do not determine the purposes for collecting and processing information. We act as a data processor in respect of provision of this service. We process data on behalf of our clients and following the instructions of the clients that have legal duty to implement pharmacovigilance. This information is highly important in order to ensure public health, and our clients use this information to establish, assess, and understand negative reaction of medical products, as well as to ensure prevention of adverse reactions. We assist our clients in implementing their legal duties related to pharmacovigilance and informing the data subjects about processing of their personal data.

Personal data is not used for any other purposes.

  • Pharmacovigilance trainings

We provide trainings on pharmacovigilance and for that purpose we conclude a list of participants. Additionally, after the training is completed, we verify the attendee’s knowledge by testing.

We collect the following personal data of the attendee: name, surname, company name, position, and telephone number.

Data is collected and processed for the purpose of implementing the service agreement.

  • Testing for readability of package leaflet

When we provide the service of testing for readability of a package leaflet, we conduct special tests and for that purpose we process the following information about individuals participating in the tests: name, surname, gender, age, education (e.g. secondary school, junior college, higher education), general information about profession may be collected (e.g. director, accountant, seller, etc.), and voice record may be conducted. Personal data is collected under the consent of a tested person.

3.6. Events, seminars, consultations

For the registration to our events and seminars, we may ask you to provide your name, surname, e-mail address, tel. number, name of the company, or address of the company.

Usually we do not take photos of the attendees during our events. However, if we were to decide to take photos of the attendees, we shall notify you with specific signs before entering our event or seminar and we will process the images with your appearance only by having your consent.

We may also issue you with a certificate confirming your participation in the event, seminar or consultation. For this purpose we will process your name and surname.

3.7. Communication via newsletters, direct marketing

If you have subscribed to our newsletter (or agreed to receive it) or if you are our customer and have not expressed an objection to receiving the newsletter (Sveikuva's legitimate interest to inform about services), we will process your data for the purpose of communication via newsletters, direct marketing.

For this, we will process your name, surname, e-mail, phone number, company name, company address.

If you want to withdraw your consent or object (if you are a customer), you can do so at any time by contacting privacy@sveikuva.lt.
Your personal data shall not be disclosed to any person other than Sveikuva clients or partners without whom smooth provision of services described in this Privacy Policy would not be ensured. Additionally, these persons may include database software suppliers, website administration service providers, cloud computing service providers, and etc. Your personal data may also be provided to the governmental or law enforcement authorities when this is required under the applicable law or in order to ensure our rights and interests, as well as the rights and interest of our employees, clients and partners.

Partners and service providers of Sveikuva process personal data only to the extent required for the provision of services.

Normally we do not transfer personal data outside the EU or EEA. However, in case we transfer personal data outside the EU or EEA, we will ensure that our partners and service providers are committed to the model clauses of the European Commission regarding the processing of personal data and/or are covered by the EU-US Data Privacy Framework.
We process and store your personal data only as long as required for the purposes established by this Privacy Policy. Taking into account obligations of the legal rules, we assess the need to store the data on a regular basis.
Sveikuva applies appropriate technical and organizational measures to ensure the security of personal data.

Digital data is stored in databases that are protected by firewalls, passwords and other technical measures. Access to our databases is granted to employees in accordance with their job functions. The databases and their back-ups are stored in locked facilities and they can only be accessed by certain appointed employees.

Non-digital data is stored in locked facilities, access to such facilities is granted to employees in accordance with their job functions. We apply access control measures.
You have the following rights related to your personal data:
  • to submit a request to get access to, correct or erase the data, or to restrict data processing;
  • the right to disagree with data processing;
  • the right to receive your personal data in a systemized, commonly used format that can be easily processed by a computer;
  • to cancel your consent;
  • to file a complaint with the State Data Protection Inspectorate in case you believe that we process your personal data inappropriately (https://vdai.lrv.lt/).


You may exercise these rights by sending a request to Sveikuva to the contacts specified in this Privacy Policy (privacy@sveikuva.lt).
In case of amendments to the Privacy Policy, the date of amendments will be specified in the updated version. In case the amendments are significant, we may also inform you about them in other ways such as by e-mail or by posting a notification on our website.

We recommend visiting our website regularly and paying attention to any changes in our Privacy Policy.

Our cookies

We use the necessary cookies to make our website work. You may disable these cookies by changing your browser settings.
  1. Information about the company
“Sveikuva”, Ltd (toliau - Sveikuva) – is a company operating since 2003, which specializes in regulatory, pharmacovigilance and translation services for medicines, medical devices, food supplements and cosmetics from the early stages of the product life cycle, technical, pharmaceutical, and medical documents to global coordination of regulatory projects.
  1. Information security management system
It is important to protect the data and intellectual property of Sveikuva's employees and customers, therefore Sveikuva's management decided to implement an information security management system (ISMS) in accordance with LST ISO/IEC 27001:2013. ISMS is designed to protect information from loss, unauthorized disclosure or alteration, and other unauthorized actions. ISMS applies to all employees of the company, legal entities who are granted access to Sveikuva data on the basis of contractual relationships.
  1. Information security management system objectives
Protect information from loss, unauthorized disclosure or alteration, and other illegal actions by ensuring accessibility, confidentiality, and availability. Ensure effective management of information security risks to an acceptable level by implementing risk management measures. Minimize damage to Sveikuva in the event of an incident or avoiding it.
  1. Obligations of Sveikuva management for information security
  • Establish general information security management objectives.
  • Comply with information security obligations established in the legal acts of the European Union, the Republic of Lithuania, the General Data Protection Regulation and contracts with clients and employees.
  • Identify ISMS improvement tasks, select measures, plan their implementation.
  • Ensure necessary resources for ISMS.
  • Create conditions for Sveikuva employees to improve their knowledge of information security.
 
  1. Ensuring information security
We obliged Sveikuva employees to familiarize themselves with the requirements set out in the ISMS policy and procedures and to comply with them. We use following information security measures (including but not limited to):
  • Supplier management
  • Acceptable use of information tools
  • Malware management
  • Business continuity
  • Electronic communication
  • Computer network security
  • Secure transmission of information
  • Employee training
  • Vulnerability management
  • Management of mobile devices
  • Remote work procedure
We obliged Sveikuva's suppliers and subcontractors to comply with the information security requirements established by ISMS, by issuing instructions, signing data management agreements, confidentiality agreements, and conducting inspections. We are constantly improving the ISMS by conducting internal audits, identifying nonconformities, and implementing corrective actions, looking for ways to improve. If you want to directly contact the person responsible for data security, for example, if you have questions, to report a vulnerability or other issues, please write to info@sveikuva.lt. If you have questions about the security of personal data, please familiarize yourself with the Privacy Policy at: https://www.sveikuva.com/lt/privatumo-politika/
  1. Information security system validity and review
This information security policy has been approved and entered into force on 2022-09-15. We publish the information security policy publicly to interested parties. We review the policy regularly, at least once every 1 year.