GENERAL PROVISIONS

1. The Privacy and Cookie Policy (hereinafter referred to as Privacy Policy) shall define basic principles and policy of managing personal data of visitors of www.norameda.com website owned by NORAMEDA Private Limited Company (Company Reg. No. 140744584, registered address: Meistru Str. 8A, Vilnius c., address for correspondence: Gyneju Str. 16, Vilnius c.; hereinafter referred to as NORAMEDA).
2. The Privacy Policy shall make you aware of management of your personal data by NORAMEDA.
3. Personal data is any information, on the basis of which you are or can be identified, such as surname, first name, phone number, e-mail or postal address, your professional activity licence number and other information (hereinafter referred to as Personal Data).
4. The Privacy Policy shall be available for reading on NORAMEDA website any time.
5. Collection, management and storage of your personal data shall be governed by the Privacy Policy, the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as GDPR).
6. If a term starting with a capital letter is not defined in the Privacy Policy hereto, definitions of such terms laid out in the website e-service provision regulations published on www.norameda.com (hereinafter referred to as Regulations) shall apply.

PERSONAL DATA MANAGEMENT

1. Your personal data shall be managed by NORAMEDA.
2. NORAMEDA has appointed a person responsible for protection of Personal Data, and the person can be contacted by e-mail address info@norameda.com. If you have any questions regarding management of your personal data by NORAMEDA, you can also contact us by phone (+370 5 2306499).

PRINCIPLES OF MANAGING PERSONAL DATA

1. Managing your personal data, NORAMEDA follows the personal data management principles listed below:
   1. Personal Data are managed following the principles of transparency, integrity and legality;
   2. Personal Data are accurate and correct and can be updated, if required;
   3. Personal Data are managed in the way ensuring the appropriate level of protection of personal data;
   4. Personal Data are managed for the clearly defined and legal purposes;
   5. Personal Data are managed in as much as it is required for the particular management purposes.
2. Managing and storing your Personal Data, NORAMEDA implements the organizational and technical data protection measures guaranteeing protection of Personal Data from accidental or illegal destruction, replacement, disclosure or any other illegal management. Storage premises of the collected data is physically protected from access by outsiders. Your Personal Data are protected from illegal access through computer network.

BASIS AND PURPOSE OF MANAGING PERSONAL DATA

1. Personal Data of our users are managed for the purposes and on the legal bases listed below:
   1. In order to ensure the appropriate functionality of the Website (including management of Personal Data collected by cookies) based on your voluntary consent (Art. 6, Part 1, par. (a) of GDPR);
   2. In order to provide e-services (including the possibilities to use the Website and User account, and manage claims and queries sent using the contact form) based on E-service provision Agreement made by and between a User and NORAMEDA on the basis of Regulations (Art. 6, Part 1, par. (b) of GDPR);
   3. For the purposes of marketing NORAMEDA products and services (including sending information, presentations, notices and personalized offers related to NORAMEDA products) – based on your voluntary consent (Art. 6, Part 1, par. (a) of GDPR);
   4. For the purposes of providing NORAMEDA newsletter service (including sending information on Services to the e-mail addresses indicated by Users) based on your voluntary consent (Art. 6, Part 1, par. (a) of GDPR);
   5. For the purposes of employment (including staff searching process) based on your voluntary consent (Art. 6, Part 1, par. (a) of GDPR);
   6. In order to ensure high level of safety, first of all by fulfilling the liability to monitor safety of medicinal products, including the register of reports and adverse effects for the competent authorities based on:
      1. The necessity for recycling in order to fulfil legal liability of NORAMEDA to monitor safety of medicinal products as intended in Art. 28 Part 2 and Part 3, par. d) of the Commission Implementing Regulation (EU) No 520/2012 of 19 June 2012 on the performance of pharmacovigilance activities provided for in Regulation (EC) No 726/2004 of the European Parliament and of the Council and Directive 2001/83/EC of the European Parliament and of the Council (Art. 6, Part 1, par. (c) of GDPR);
      2. The necessity for data management considering the public interest in public health in order to monitor drug safety related to the obligation to collect and store data required for getting more information on a registered case (suspected adverse reaction), including data of the reporting person (Art. 9, Part 1, par. (i) of GDPR).
   7. In order to ensure accountability of data management (including evidence that Personal Data is managed following the personal data management principles listed in Art. 5 of GDPR) based on legal obligations by NORAMEDA intended in GDPR (Art. 6, Part 1, par. (c) of GDPR);
   8. In order to fulfil obligations resultant from legal acts (including tax and accounting laws) based on legal obligations by NORAMEDA resultant from applicable legal acts (Art. 6, Part 1, par. (c) of GDPR).

VOLUNTARY DELIVERY OF DATA

1. Delivery of Personal Data for the purposes indicated in the Privacy Policy is voluntary. If you fail to deliver Personal Data, NORAMEDA will not be able to fulfil the E-service Provision Agreement made with you or its legal obligations regarding the requirements on monitoring safety of medicinal products.
2. If your Personal Data is managed with your consent (Art. 6, Part 1, par. (a) of GDPR), you are entitled to revoke the consent any time. Revocation of the consent does not affect legality of consent-based data management until revocation of the consent.

PERSONAL DATA STORAGE PERIOD

1. Personal Data storage period:
   1. With the aim to ensure appropriate functioning of the Website (including management of Personal Data collected by cookies) we shall manage your Personal Data until you revoke your voluntary consent or for the relevant storage periods indicated in Cookie Policy;
   2. With the aim to provide e-services (including possibility to use the Website and User accounts, claim management and responding to the queries delivered through the contact form) we shall store Personal Data during provision of Services based on the Regulations but not longer than until termination or expiry of the E-services Provision Agreement or till the end of claim lodging term; in the case of claim processing your Personal Data shall be stored during the whole period of claim processing but not longer than until final resolution of your claim;
   3. For the purposes of marketing NORAMEDA products and services (including sending information, presentations, notices and personalized offers concerning NORAMEDA products): 10 years from the moment of giving consent for management of your Personal Data;
   4. For the purposes of providing NORAMEDA newsletter service (including sending information on Services to the e-mail addresses indicated by Users): 10 years from the moment of giving consent for management of your Personal Data;
   5. For the purposes of employment (including staff searching process): till the end of employment process and, in the case the consent for Personal Data management for the purposes of future staff search processes, 6 months;
   6. For the purposes of monitoring safety of medicinal products (including management of report register and delivery of information on individual cases of adverse reactions to competent authorities): until expiration of the marketing licence for the drug reported to cause adverse reactions and another 10 years afterwards;
   7. In order to ensure accountability of Personal Data management (including evidence that Personal Data is managed following the personal data management principles listed in Art. 5 of GDPR): Personal Data shall be stored the whole period of providing Services under the Regulations but not longer than until termination or expiry of the E-services Provision Agreement or till the end of claim lodging term;
   8. For the purposes of fulfilment of obligations resultant from legal acts (including tax and accounting laws): Personal Data shall be stored as long as it is required by applicable legal acts.
2. On expiry of each and every term mentioned above your Personal Data shall be deleted automatically.

AUTOMATIC DECISION-MAKING

1. NORAMEDA is not using a profile grading or other decision-making system that might cause legal consequences to Users or affect Users significantly in other similar way based on automatic Personal Data management exclusively (without human participation).

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

1. Data management subjects (data managers, such as Server host, Website administrator and parcel delivery companies) hired by NORAMEDA may help managing your Personal Data to the extent absolutely necessary to fulfil their functions. NORAMEDA is entitled to transfer your Personal Data to NORAMEDA Group companies or other companies that provide services to NORAMEDA. Your Personal Data can also be transferred to the subjects or institutions authorized to manage data on the basis of legal requirements, including the European Medicines Agency and the State Medicines Control Agency under the Ministry of Health of the Republic of Lithuania. NORAMEDA is entitled to transfer your Personal Data in the way and on the basis intended by the Privacy Policy hereto or applicable legal acts.
2. Your Personal data shall not be transferred to third parties (non-EU states).

RIGHTS OF DATA SUBJECTS

1. According to GDPR, you shall have the following rights:
   1. To check whether your data is being managed by NORAMEDA and if yes, to make yourself aware of what data is being managed and how;
   2. To require to correct inaccurate or supplement incomprehensive Personal Data;
   3. To require to stop managing Personal Data, except of storage, if your data is being managed against applicable laws;
   4. To require to limit managing Personal Data on the bases intended in GDPR;
   5. To require to delete your Personal Data (‘the right to be forgotten’) on the bases intended in GDPR;
   6. To receive a copy of your Personal Data in the normally used and computer-readable format, if management of such data is based on your consent or an agreement;
   7. To disagree with management of your Personal Data, when NORAMEDA manages such data seeking its own legal interests; in such cases NORAMEDA will stop managing your Personal Data, unless they will be able to prove that your data is being managed for the convincing legal reasons superior to your interests, rights and freedoms or with the aim to express, fulfil or defend legal requirements;
   8. To lodge a complaint at the State Personal Data Inspectorate.
2. You can exercise your rights listed above (except of the one mentioned in Section 9.1.8. above) by contacting NORAMEDA in person or in written at the address Gyneju Str. 16, 01108, Vilnius or by e-mail info@norameda.com and delivering your identity documents or certified copies thereof. Having received your application regarding Personal Data management, NORAMEDA shall reply to you within one month from the contact date.
3. If you have any questions regarding your rights discussed above or the Privacy Policy hereto, please feel free to send us the e-mail letter with ‘Data protection’ in the subject line to info@norameda.com.

Cookie Policy

Cookies are small pieces of textual information received by the browser of your device from the websites you are visiting and stored at your device. Cookies enable NORAMEDA Website to remember information on your browsing habits, actions, searches and settings in order for you to use all functionality of the Website and to make future visits on NORAMEDA Website simpler and more useful.

Cookies are used with your consent. The consent can be given through your browser settings. If you disagree with storage of cookies at your computer or other end device, you can change browser settings and disable all cookies or enable/disable them one by one. However, it should be noted that such disabling may slow down your Internet speed, limit some functions of the Website or even block access to the Website. For more information, please visit allaboutcookies.org.

Detailed information on cookie settings is available in settings of each particular network browser. Hyperlinks to the websites with instructions by browser manufacturers on how to change cookie settings of various browsers are given below:

1. Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies;
2. Safari: https://support.apple.com/pl-pl/guide/safari/sfri11471/mac;
3. Firefox: https://support.mozilla.org/pl/products/firefox/protect-your-privacy/cookies;
4. Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=pl.

We do hereby inform that certain changes in cookie settings affecting the cookies used on the Website may limit or prevent some functions of the Website and even prevent you from using the Website itself. Such changes may also delete your personalization settings on the Website (e. g. ‘memorized’ user names, passwords, language settings, etc.).

Among other things, cookies can be classified as follows:

1. Obligatory: the ones required for you to be able to use the Website;
2. Analytical: the ones storing information on how to use the Website in order to improve its functionality and safety;
3. Advertising: the ones enabling to display personalized advertisements.

Information on the cookies used:

Cookie name	Description	Moment of setting	Expiration	Data used
PHPSESSID	Standard cookie used to support user session	Visiting a website	As soon as website window is closed	Unique identifier
p_popup_uh	The cookie is used to store information on the windows reviewed by a particular user and on the hidden pop-up windows	Visiting a website first time	1 year	Unique identifier
rated_[liczba całkowita]	The cookie is used to collect information on the responses marked by a particular user in a questionnaire for website content management system	Visiting a website first time	1 year	Unique identifier
C, cid, TPC, GCM, uid	The cookies create a random ID for each visitor of a website in order to identify the ones visiting repeatedly. The cookies help identifying habits of website users	Visiting a website first time	As soon as website window is closed or up to 60 days	Unique identifier
_utma, _utmb, _utmc	Google Analytics monitoring cookies. Information is sent to a server anonymously. The cookies identify unique users and monitor sessions of such users. For more information, please visit Google website.	Visiting a website first time	30 minutes, 6 months and 2 years, accordingly	Accounted IP addresses and unique ID numbers. Statistical result of accounting. Counter accounting managed by Google Analytics
_utmz	Google Analytics monitoring cookies. Information is sent to a server anonymously.	Visiting a website first time	As soon as browser window is closed	Accounted IP addresses and unique ID numbers. Statistical result of accounting. Counter accounting managed by Google Analytics
gtest, gdyn	The cookies are used to store information on the pages viewed by a particular user and visit duration, and can be used anonymously for identification of user characteristics based on their browsing habits	Visiting a website first time	5 years	Unique identifier
UID	The cookie collects information on the signed-in users and is used to identify unique users by attributing unique ID to each of them	Visiting a website first time	Up to 60 days	Unique identifier
adnKeyTarget…	The cookie collects information on the signed-in users and is used to identify unique users by attributing unique ID to each of them	Visiting a website first time	5 years	Unique identifier
ntsprnt	DMP group identifier	Visiting a website first time	Up to 30 days	Unique identifier
LimitatorInformer_Engine…	The cookie collects information on the signed-in users and is used to identify unique users by attributing unique ID to each of them	Visiting a website first time	1 year	Unique identifier
_vwu_uuid _vis_opt_test_cookie _vis_opt_exp_71_combi debug_vis_opt_s _vis_opt_s	The cookies collect user information and enable monitoring of their browsing habits	Visiting a website first time	3 months	Unique identifier
splitVar2	The cookie collects user information and is used for comparison of browsing habits	Visiting a website first time	2 years	Unique identifier
Inspectlet cookies: _insp_identity _insp_norec_sess _insp_nv _insp_ref _insp_slim _insp_targlptx _insp_targlpu _insp_uid _insp_wid	The cookies collect information on user activity browsing a website and using functions of the website (videos, forms, buttons, etc.). The cookies enable assessment of browsing experience and identification of website functionality shortcomings.	Visiting a website first time	1 year	Unique identifier
Google Tag Manager and Google Analytics cookies:
_dc_gtm_UA-4238681-1	The cookie collects information on user behaviour on a website and are used to optimize offers and present them on other websites	Visiting a website	8 hours	Unique identifier
_dc_gtm_UA-4238681-28	The cookie collects information on user behaviour on a website and are used to optimize offers and present them on other websites	Visiting a website	8 hours	Unique identifier
_ga	The cookie collects information on user behaviour on a website in order to store statistical information	Visiting a website first time	2 years	Unique identifier
_gat_UA-4238681-28	The cookie collects information on user behaviour on a website and are used to identify unique users by attributing unique ID to each of them	Visiting a website	8 hours	Unique identifier
viewedOuibounceModal	The cookie is used to display website questionnaires for users and ensure one-time display of a questionnaire to the same user	Visiting a website	As soon as website window is closed	Unique identifier

Without violation of legal provisions NORAMEDA can relate information received from cookies with personal information received by other means and thus manage your personal data.

NORAMEDA website can display hyperlinks to websites, products and services offered by third parties. Privacy policies of the relevant third parties shall apply to the services or products offered by the third parties through hyperlinks on NORAMEDA website.

Basic cookies used by Facebook:

Cookie name	Description	Expiration	Data used
fr	Used by Facebook to display series of advertising products like real-time rates of a third-party advertiser	Ends in 3 months	Unique identifier
dpr	Enables control of Share and Like buttons	Invalid at the end of a session	Unique identifier
reg_ext_ref	URL of the Facebook page visited first	Invalid at the end of a session	Unique identifier
reg_fb_gate	URL of the Facebook page visited last	Invalid at the end of a session	Unique identifier
reg_fb_ref	URL address of external Internet source (referrer)	Invalid at the end of a session	Unique identifier
wd	Browser window dimensions	Invalid at the end of a session	Unique identifier
datr	The datr cookie is set when an Internet browser gains access to facebook.com website (except of iframes social add-on) to help identifying suspicious logging in activity and guarantee user safety. For example, it is used to label doubtful activity like unsuccessful attempts to log in and create many trash accounts.	Ends in 2 years	Unique identifier
Presence	Dialogue status	Invalid at the end of a session	Unique identifier
xs	Session number and key	Ends in 1 month	Unique identifier
act	Timestamp and user actions counter	Invalid at the end of a session	Unique identifier

We hereby inform you that Facebook may use cookies, navigation signals and similar technologies to collect or retrieve information from websites and other Internet pages for the purpose of providing advertisement assessment and orientation services. Moreover, Facebook can collect or retrieve information from our website and use it for the purpose of providing advertisement assessment and orientation services.

For cookie usage policy by Facebook please visit the website at: https://www.facebook.com/policy/cookies/

If you are willing to contact Data Controller, you can do it using the contact information below:
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

For more information on personal data protection by Facebook please visit https://www.facebook.com/policy.php

Cookies used by Google:

We hereby inform you that Google uses cookies for the purposes described in the table above.

For cookie usage policy by Google please visit the website at https://policies.google.com/technologies/types?hl=pl.

If you are willing to contact Data Controller, you can do it using the contact information below:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

For more information on personal data protection by Google please visit https://policies.google.com/privacy?hl=pl

CHANGES TO PRIVACY POLICY

1. NORAMEDA shall be entitled to change the Privacy Policy unilaterally, either in part or in full, having informed you on such changes on NORAMEDA website.
2. If you disagree with management of your personal data following the new version of the Privacy Policy, you shall be entitled to exercise your rights in relation to personal data management listed above.
3. Supplements to and changes in the Privacy Policy shall become effective on the day they are published on NORAMEDA website.