Plasmafabriek Sanquin

Privacy statement Prothya Biosolutions Netherlands B.V.

edition july 2021

This privacy statement was last updated in July 2021 and overrides previous versions. Prothya Biosolutions Netherlands B.V.  (“Prothya”) may amend this privacy statement from time to time. Prothya Biosolutions Netherlands B.V. will keep you up to date with any changes by placing a revised version of the statement on our website.

From plasma to medicines - it's everyone's business

 Prothya processes the plasma collected from, among others, Sanquin Blood Bank donors into medicines. These plasma medicines are intended for people with illnesses such as blood clotting and immune diseases and for people who have come into contact with hepatitis A and B, for example.

Which personal data does Prothya collect, how and for which purposes?

Prothya holds the personal data of patients, customers, practitioners, employees and associates, as well as information on plasma donations. The data may be confidential or sensitive. In any case, all of the data is personal. Examples of this data are:

  • name, address and telephone number to be able to contact an associate;
  • the identification number of a plasma donation, to be used for the manufacturing of medicines.

Prothya collects data that you have supplied to us yourself as a patient, customer, practitioner employee or associate and Prothya may obtain data from third parties such as practitioners.

Prothya uses this personal data for the following purposes:

  • managing donations from which medicines can be manufactured;
  • managing the safety of produced and to be produced medicines;
  • handling and dealing with complaints and adverse events;
  • conducting, registering and reporting clinical research;
  • maintaining a register of associates;
  • maintaining a register of staff.

Additional information about the processing of your personal data

How does Prothya ensure that your data is safe and how long does Prothya store personal data? 

Prothya takes the necessary technical and organisational measures to guarantee that your personal data is well protected, for example against unauthorised or unlawful use, modification, unauthorised access or disclosure, accidental or unlawful destruction and loss.

Additional information about who can access your personal data

The general rule is that Prothya stores personal data for as long as it is needed, but not longer than five years, unless this is required in order to meet statutory obligations. There is a statutory retention period for some data laid down in Dutch and European pharmaceutical legislation.

Does Prothya disclose data to third parties?

The nature of its activities means that Prothya may share your data with third parties such as the European Medicines Agency (EMA). There are also institutions that monitor and test Prothya’s operations, such as the Health and Youth Care Inspectorate (Inspectie voor de Gezondheidszorg en Jeugd, IGJ). Employees at this institution can also view the data.

In certain cases, Prothya may share your personal data with trusted third parties for the performance of certain technical and other services, e.g. hosting providers and telephone support services. All such third parties are obliged to adequately protect your data and only to process it in accordance with our instructions. Prothya has a written contract with each of these parties, in which these matters are settled.

Prothya may also share aggregate data, which is not traceable to the person, with third parties. Prothya makes sure that this non-personal information cannot be traced back to specific individuals. In addition, Prothya may share your personal data with supervisory bodies and investigatory bodies if Prothya is legally required to do so.

What are your rights?

As a patient, customer, practitioner, (former) employee or associate you have the right to access your personal data registered by Prothya, to have rectified inaccurate data and, in certain cases, to have your data removed.

You also have the right, in certain cases, to request a restriction of or to lodge an objection to the processing of the data and to request data portability.

To make sure that it is you requesting your data, Prothya asks you to provide proof of identity with a valid identity document.

When you have given consent for your personal data to be used, you may always revoke your consent. From that moment Prothya will not collect any new personal data. Prothya has the right to continue processing your data, which has been collected before you revoked your consent.

Additional information about the access to your own personal data

Contacting Prothya

If you have a question, you can contact us at:
Prothya Biosolutions Netherlands B.V.
At the attention of Prothya Privacy Officer
PO box 9190
1006 AD Amsterdam
[email protected]

If you believe that Prothya does not comply with the above rules or does not do so adequately, or if you want to submit a complaint for another reason, please contact us via above PO box or mail.

Alternatively, you can submit a complaint to the Autoriteit Persoonsgegevens (AP). This is the independent Dutch supervisory body that monitors compliance with the statutory rules for the protection of personal data. You can contact the AP at:

Autoriteit Persoonsgegevens
Postbus 93374
2509AJ Den Haag
Tel.: +31 (0)88 – 1805 250

Prothya's Data Protection Officer (DPO) advises and informs Prothya on data protection, and monitors data protection compliance by Prothya. You can contact the Data Protection Officer at Prothya by this form