
Privacy Notice
for the Processing of Personal Data on the schizophrenia.life website
In this section
(Last updated: 06 July 2026)
The purpose of this Privacy Notice (“Notice”) is to provide information regarding how Gedeon Richter Plc. and Recordati Industria Chimica e Farmaceutica S.p.A. process personal data relating to visitors and users of the schizophrenia.life website (“Website”), in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable national data protection laws.
The Website is intended for a general audience. We do not knowingly collect personal data from children under the age of 16. Individuals under the age of 16 should not provide personal data through the Website without the involvement of a parent or legal guardian. If we become aware that personal data of a child under the age of 16 has been collected unintentionally, we will take appropriate steps to delete such data.
This Privacy Notice should be read together with the Website Terms of Use and the Cookie Notice, which provide further information regarding the use of the Website and the technologies implemented on it.
We may amend this Privacy Notice from time to time to reflect changes in legal requirements, our processing activities or the functionality of the Website. Any updates will be published on this page together with the revised “Last Updated” date.
The Website may contain links to third-party websites or applications. Such third parties operate independently from us and are responsible for their own privacy practices. We encourage you to review their privacy notices before providing any personal data.
| JOINT CONTROLLERS | Gedeon Richter Plc. (seat: 1103 Budapest, Gyömrői út 19-21.; Company Registration Number: Cg. 01-10-040944; hereinafter “Richter”) and Recordati Industria Chimica e Farmaceutica S.p.A. (seat: Via M. CIVITALI, 1 – 20148 Milano, Italy; company registration number: 00748210150; hereinafter “Recordati” – Richter and Recordati are each a “Company” and together are “Companies”, “we”, “our” or “us”) act as Joint Controllers within the meaning of Article 26 GDPR in relation to the operation and management of the schizoprenia.life website (hereinafter “Website”) and the related processing of personal data described in this Notice. |
| THE ESSENCE OF THE JOINT CONTROLLER ARRANGEMENT BETWEEN THE COMPANIES |
The Joint Controllers have entered into an arrangement pursuant to Article 26 GDPR defining their respective responsibilities for compliance with applicable data protection requirements. The Joint Controllers are jointly responsible for providing information to data subjects and ensuring compliance with the transparency obligations set out under Articles 13 and 14 GDPR, including the DocCheck authentication information and any information provided during newsletter mailing list sign-up. We have agreed that each of us who holds the exclusive license to the respective market and sale products in a country under the exclusive licence agreement between us is responsible for fulfilling data subject requests originating from that country. Data subjects may exercise their rights against either Joint Controller. The Joint Controllers have agreed on internal responsibilities for handling data subject requests; however, data subjects may contact either Joint Controller at any time. We have agreed that they are each responsible for having in place procedures to ensure a compliant legal basis for processing personal data, to handle security breaches, to conduct data protection impact assessments, to manage data subject access requests and to implement appropriate technical and organizational security measures to protect the personal data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure, abuse or other processing in violation of the provisions laid down in the applicable data protection laws. Each of us is entitled to use data processors as part of the joint processing. Where personal data is transferred outside the European Economic Area (“EEA”), such transfers shall take place only where an appropriate transfer mechanism under Chapter V GDPR has been implemented, including an adequacy decision, Standard Contractual Clauses or other legally recognised safeguards. |
| WHAT IS THE PURPOSE OF PROCESSING THE DATA? | We process personal data for the following purposes:
|
| WHAT PERSONAL DATA WE PROCESS ABOUT YOU? | Depending on how you interact with the Website, we may process the following categories of personal data:
Where personal data is requested from you directly, the provision of such data is voluntary unless otherwise indicated as necessary for the provision of a specific service or functionality. |
| THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA |
The categories of personal data processed, and the applicable legal bases generally include the following: Website operation, security and administration Categories: Website visitor data + Healthcare professional authentication status Legal basis: Legitimate Interests (Article 6(1)(f) GDPR) Website analytics and performance monitoring Categories: Analytics data Legal basis: Consent (Article 6(1)(a) GDPR), where analytics cookies or similar technologies require consent under applicable law Newsletter subscriptions and professional communications Categories: Newsletter subscription data Legal basis: Consent (Article 6(1)(a) GDPR) Pharmacovigilance reporting Categories: Personal data provided through dedicated pharmacovigilance reporting channels Legal basis: Legal Obligation (Article 6(1)(c) GDPR) |
| OUR LEGITIMATE INTEREST |
Where we rely on Article 6(1)(f) GDPR as the legal basis for processing, we have assessed our legitimate interests and balanced them against the interests, rights and freedoms of data subjects. We consider that the processing activities described below are necessary for our legitimate purposes and do not disproportionately impact the privacy rights of Website users. Website operation, security and administration We have a legitimate interest in ensuring the functionality, security, stability and proper administration of the Website. This includes the processing of technical and usage data necessary to provide Website content, maintain information security, prevent misuse, troubleshoot technical issues and improve the overall user experience. Analytics technologies that require consent are not used on the basis of legitimate interests. Such processing takes place only where the user has provided the required consent through the cookie management tool. Further information regarding our legitimate interests may be requested using the contact details provided in this Privacy Notice (please find our contact information at the contact page). |
| HOW LONG DO WE KEEP YOUR PERSONAL DATA? |
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the establishment, exercise or defence of legal claims and compliance with applicable legal or regulatory requirements.
When determining the appropriate retention period, we take into account the nature, scope and sensitivity of the personal data, the purposes of processing, the potential risks associated with the processing and applicable legal, regulatory and business requirements.
Where possible, personal data may be anonymised so that it can no longer be linked to an identifiable individual. Anonymised information may be retained and used for statistical, analytical and administrative purposes.
Unless a different retention period is required by law or justified by a specific processing purpose, personal data is retained according to the following general principles:
|
| WHO MAY HAVE ACCESS TO YOUR PERSONAL DATA? | We may share personal data with selected recipients where necessary for the operation of the Website, compliance with legal obligations, protection of our rights and interests, or where otherwise required or permitted by applicable law. We may engage carefully selected service providers acting as data processors on our behalf. Such service providers may provide IT, hosting, website maintenance, analytics, communication or other support services. Where required, appropriate contractual arrangements are put in place to ensure that personal data is processed only on our documented instructions and subject to appropriate confidentiality and security obligations. Personal data may also be disclosed where necessary to competent authorities, courts, regulators, law enforcement agencies, external legal advisers or auditors where required by law or where necessary for the establishment, exercise or defence of legal claims. Where personal data is transferred outside the European Economic Area (“EEA”), such transfers take place only where an appropriate transfer mechanism under Chapter V GDPR is available, including an adequacy decision adopted by the European Commission, Standard Contractual Clauses or other legally recognised safeguards. As of the date of this Privacy Notice, the Joint Controllers may engage the following service providers in connection with the operation and support of the Website:
|
| YOUR RIGHTS |
Subject to the conditions and limitations set out in applicable data protection laws, you may exercise the following rights in relation to your personal data:
– for Richter: the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; seat: 1055 Budapest, Falk Miksa utca 9-11; website: www.naih.hu; phone: +36-1-391-1400; email address: [email protected]; fax: +36 1 391 1410);
– for Recordati: the Italian Data Protection Authority (Garante per la protezione dei dati personali) – seat: Piazza Venezia 11 – 00187 Roma; phone: +39-06-6967 71; fax: +39-06-6967 73785; Certified mail: [email protected]; email: [email protected]); – or with the supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement. |
| DATA PROTECTION OFFICERS |
For questions regarding this Privacy Notice or the processing of your personal data, you may contact the Joint Controllers using the contact details available on the Website (contact page) or contact the relevant Data Protection Officer directly. Data subjects may exercise their rights and submit privacy-related requests to either Joint Controller. Gedeon Richter Plc. has appointed a Data Protection Officer who can be contacted at: [email protected] Recordati Industria Chimica e Farmaceutica S.p.A. has appointed a Data Protection Officer who can be contacted at: [email protected] |