Germany Patient and legal representatives privacy notice

Access to and implementation of the services of the Sciensus patient support programme requires the collection and processing of personal data of the users (patient and/or their legal representatives), including data relating to health data.

The following privacy notice and consent form define Sciensus Pharma Services Limited as the data controller. As such, we will collect, store, process and destroy your personal information in accordance with data protection law.

This notice is regularly reviewed, and changes made from time to time. Any changes will be posted on this page.

We do not make decisions based solely on automated processing, unless such decisions are required or permitted by law.

If you have any questions relating to this Notice, please contact our Data Protection Officer on

  • Electronically:
  • By post:

The Data Protection Officer

Sciensus Pharma Services Limited

107 Station Street


DE14 1SZ

United Kingdom


If you would like to download a copy of this privacy notice, please click here.

Where we get your information from:

To deliver our services to you, we collect and process information about you and receive them from a variety of sources such as:

Directly from the user (s) (The Patient or Legal Representatives)
From doctor/healthcare professionals


Personal information we collect on you and the lawful grounds for us to process your information:

We only collect the minimum information from you that is necessary to provide the service. This information is set out below and may vary from a service to another

Categories of Information and personal data


Type of data

First and Middle Name


Email Address


Date of Birth

Telephone number

City/Postal Code of School

Health Information/medical history (Current pathology/allergies)

Other medical information (Diarrhoea/ Nausea/Fatigue/Vomit)


Why do we need this data?

To create and maintain a record of your care and communicate with patient/legal representative. To facilitate appointments with healthcare professionalsPlan interventions within a school environmentFor healthcare professionals to personalise the content you will receive.Provide advice and adapted content.The sharing of the User’s health data with the relevant Healthcare Professionals.


What is our lawful ground for processing?

GDPR, article 6 (1)(a) Consent – The individual has given clear consent to process their personal data for a specific purpose. GDPR, article 9 (2)(A) Explicit Consent The individual has given explicit consent to process their personal data for a specific purpose.


Type of data

User weight and height

Current medications

Information on family unit



Why do we need this data?

Optional data to improve the user experience but not essential.


What is our lawful ground for processing?

GDPR Article 6 (1)(f) Legitimate Interest



Categories of recipients

Depending on their respective needs:

• The patient’s healthcare professionals to whom access has been authorized are recipients of all their data collected by the Sciensus patient support programme. The User is informed that they have the possibility to revoke at any time the access initially authorized to their data to one or more of the Health Professionals in charge of their follow-up.

• The User is informed that an approved health data host ensures the secure hosting of health data collected and processed as part of the Application, in accordance with the provisions of Articles under the Federal Data Protection Act and GDPR. As such, the User has the right to object to the hosting of their personal data for a legitimate reason.

The User is informed that their personal data transmitted to the technical service providers are accessible only for the purposes of technical management of the Application, by the specifically authorized technical service providers, in strict compliance with their missions and in compliance with the professional secrecy to which they are subject.

The Data Controller guarantees that the User’s personal data and those of the Patient will not be transmitted to any unauthorized third party.



Users’ data is kept for the duration of the program plus one month. After this, the data necessary to respond to a liability action is archived for a maximum of 10 years for evidentiary purposes, in a secured manner and in accordance with the country’s medical record retention directives.

If the User’s Personal Account remains inactive for 1 year, the user will be notified of account closure and the archiving of their data unless they express their wish to keep their Personal Account.

Transfers of data outside the EU

No data transfer outside the European Union is carried out.


Provided that they do not allow the direct or indirect identification of the User, data may also be used in order to improve the performance and quality of the programme and may be subject to anonymous statistical analysis.

How we keep your information Safe

As part of our programmes, we collect lots of personal and sensitive information about you, and we take keeping your data safe very seriously. For this, we have our own expert teams and use a robust information security management system so that your data is treated appropriately does not end up in the wrong hands. To achieve this, we use a three-layered approach: People, Processes and Technology.

We use a number of technology systems to control how your data is accessed and secured. All our staff members are trained in personal data and confidentiality. They follow strict policies and procedures to ensure security is kept to a high level.

We operate function-based access control. Therefore, our staff members can only access your personal data if it is necessary for them to perform their tasks.

We evaluate our systems regularly using internal and external audits to identify possible weaknesses have rectified them.


You can access and obtain a copy of the data concerning you, object to the processing of this data, have it rectified or have it deleted. You also have the right to restrict the processing of your data.

When the Patient is a minor, the rights are exercised by the User who represents him.


The Data Protection Officer (DPO) is your contact person for any request to exercise your rights over this processing.

Contact the DPO electronically:
Contact the DPO by post:
The Data Protection Officer

Sciensus Pharma Services Limited

107 Station Street


DE14 1SZ

United Kingdom


If you feel, after contacting us, that your rights over your data are not respected, you

can send a complaint directly to the Federal Commissioner for Data Protection and Freedom of Information;jsessionid=C1964F2D1C02F19EB2FD0F77FDE94B35.intranet211