The biological responses to exposure to a medicine vary from individual to individual. That is why not all the side effects (also known as adverse reactions) associated with the use of medicines can be detected during the clinical development prior to placing on the market.

The reporting of unwanted effects by healthcare professionals and citizens is an important tool for monitoring the safety of drugs available on the market and for improving knowledge of the relationship between benefits and risks of therapies.

Istituto Gentili collects and evaluates these reports in order to keep the information on the safety of the Company's medicines up to date, thereby fulfilling a specific legal obligation and contributing to the protection of public health.

Any adverse reaction / undesirable effect must be reported by the patient to his or her doctor or to the nearest Healthcare Facilities. Doctors / healthcare professionals will report the reaction / effect to the pharmacovigilance officer in charge.

Istituto Gentili Srl urges the use of the following channels to report adverse reactions / undesirable effects:


To contact the Istituto Gentili pharmacovigilance service, read the information on the processing of personal data.

Information on the processing of personal data for PHARMACOVIGILANCE

Istituto Gentili Srl (hereinafter, "Owner"), wishes to provide you with the following specific information relating to the methods of processing personal data pursuant to art. 13 of EU Regulation 2016/679 "GDPR" (hereinafter the "Privacy Policy").

  1. Data controller and contact details

The data controller is:

  • Istituto Gentili Srl with headquarters in via San Giuseppe Cottolengo n. 15, 20143, Milan, Italy, e-mail:
  • The Parent Company has appointed a Data Protection Officer (DPO) also for Istituto Gentili Srl, who can be contacted at this email address:


  1. Type of data processed and purpose of the treatment

The Data Controller will process personal data exclusively for the purposes strictly connected to the management of Pharmacovigilance, as required by law (Directive 2010/84 of the European Parliament and of the Council of 15 December 2010), and in particular for the purposes related to the management of the report (investigate the adverse event, compare the report with other reports of adverse events already received, provide the Authorities with any further information). The reference legislation requires ensuring that adverse events are traceable and available for follow-up, therefore, for the completed assessment of the report it will be useful to be able to contact the report author again.

For the purposes described, the Data Controller may process data:

  1. of the subject to whom the adverse event refers

personal data (initials of name and surname; age; date of birth; year of birth and the like) and details useful to reveal the state of health. The data will be pseudonymised (initials of name and surname), only the report author will have complete information about the patient.

  1. Of the physician / healthcare operator reporting the adverse event

personal data (full name and surname), profession and / or relationship with the subject to whom the adverse event refers, contact details. 

  1. Nature of data processing and legal bases

                The processing of personal data, as it is functional to the execution of the Pharmacovigilance activities the Owner is required to carry out:

  • it is necessary to fulfil a legal obligation to which the Data Controller is subject (art.6, 1 par., lett. c);
  • it is necessary for reasons of significant public interest based on Union or Member State law (art 9, II par., letter g; Legislative Decree 101/18 art. 2 sexies letter z);
  • it is necessary for reasons of public interest in the field of public health, such as protection from serious cross-border threats to health or the guarantee of quality, health safety, medicines and medical devices (art.9, II par., letter i)

Failure to provide data prevents the Data Controller from establishing and managing the relationship and from carrying out the consequent and necessary acts.

  1. Data processing methods and retention time

Personal data will be processed by using both automated tools and papers, for the time strictly necessary to achieve the purposes for which they were collected and, in any case, for the duration of the life cycle of the product to which the adverse event refers, and for a further 10 years from withdrawal from the market of the product itself.

When personal data are processed with IT tools, they are entered into an interconnected database system, accessible only by authorized agents. This system is protected by security measures (firewalls and other protections) suitable to minimize the risks of third party intrusion, deterioration of data and / or accidental destruction of the same; it is also constantly monitored by authorized managers. Security measures are constantly updated.

  1. Persons authorized to process data

The personal data will be processed by the Data Controller by means of his/her agents (belonging to the Pharmacovigilance office) and may be known by the subsidiaries / parent companies / investees related to the Data Controller.

Personal data may be communicated, for the purposes indicated above, to external persons specifically appointed as Data Processors, including, by way of example: those who carry out maintenance and assistance for the Database of adverse reactions and related services.

A list of the subjects appointed as Data Processors is present at the main office of the Data Controller.

The strictly necessary personal data will be communicated, where applicable, to the following categories of independent Data Controllers, who will process them exclusively for the purposes specified below, without being able to make other use of them:

  • authorities and public administrations, for the performance of institutional functions, within the limits established by law and regulations (Regulatory Authorities, AIFA; EMEA etc ...);
  • other pharmaceutical companies that hold marketing authorizations, for the fulfilment of legal obligations, within the limits established by pharmacovigilance agreements. 


  1. Transfer of data to third-party countries

The Data Controller processes personal data in EEA countries, but reserves the right to transfer personal data to a non-EEA country on the basis of the adequacy decisions of the European Commission. 

  1. Rights of the interested party

At any time the interested party will have the right to exercise the rights referred to in articles 15 and ff. of EU Regulation 2016/679, that is:

  1. to access personal data (art.15 GDPR);
  2. to obtain the rectification (art.16 GDPR) or the cancellation of the same (art.17 GDPR) or the limitation of the processing (art.18 GDPR) that concerns the interested party;
  3. to oppose the processing (art.21 GDPR);
  4. to data portability (art.20 GDPR);
  5. to withdraw consent (where provided), at any time, without prejudice to the lawfulness of the treatment based on the consent given before the revocation (art.7, par. 3 GDPR);
  6. to lodge a complaint with the supervisory authority (Privacy Guarantor) (art. 77 GDPR).


To exercise the aforementioned rights, make a report or receive information on how personal data is processed, requests can be made by writing to Istituto Gentili Srl., Via San Giuseppe Cottolengo n. 15, 20143, Milan or to the following email address: or