iGRO Privacy Policy

Individual Growth Response Optimization (iGRO) is a web-based tool developed by and on behalf of Pfizer Inc. for use by endocrine clinics (which may be sole practitioners, partnerships, incorporated bodies or other types of practice) (Clinics) and their authorised personnel (End Users) to predict growth outcomes in children treated with growth hormone.

Under EU and Swiss privacy laws, each Clinic will be the data controller in respect of all patient data submitted and used in iGRO and of all End User data. Pfizer Limited (‘Pfizer UK’) will be a data controller in common in respect of the End User data.

Pfizer Inc. and other relevant Pfizer affiliates are jointly referred to in this Privacy Policy as ‘Pfizer’.

In order for Clinics and Pfizer to discharge their respective responsibilities under EU and Swiss privacy laws, this Privacy Policy sets out how information that is submitted in connection with the use of iGRO will be treated.

BY USING iGRO AND ENTERING PERSONAL DATA USING THE iGRO TOOL, YOU CONFIRM THAT YOU HAVE MADE EACH PERSON, WHOSE PERSONAL DATA WILL BE / HAVE BEEN SUBMITTED BY OR ON BEHALF OF YOUR CLINIC, AWARE THAT THEIR PERSONAL DATA WILL BE PROCESSED IN ACCORDANCE WITH THIS PRIVACY POLICY AND ALSO CONFIRM THAT THEY HAVE CONSENTED TO SUCH PROCESSING.

(1) Personal data collected and used in iGRO

iGRO may store and otherwise process the following kinds of personal data as submitted by Clinics:

End User data

Patient data

Email address

Patient ID – this is the tracking number from the clinic

Password

Patient initials

Clinic

Date of birth

Name

Gender

Surname

Gestational age (for idiopathic growth hormone deficiency [IGHD] only )

 

Birth weight

 

Parents’ heights

 

Diagnosis

 

Pubertal status and age of onset

 

Height

 

Weight

 

Bone age

 

Maximum GH peak (optional for IGHD only)

 

Treatment start date

 

GH dose

 

Number of injections administered per week

 

Status of oxandrolone treatment (for Turner syndrome [TS] only)

 

Visit information

(2) Cookies

The iGRO tool employs two cookies. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to the web browser and stored by the browser on your hard drive. The identifier is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

iGRO only stores anonymous and privacy compliant cookies. Cookies are not linkable to the End User or Patient personal data.
The two cookies stored by iGRO are:

  1. A session cookie
    Named for example "SESSc81e2429a611c7853e44eba4be44e134"
    with a value like "Ur9rDZxy3v981Pa9a9xwzEvHfaSf7I_24ZKnCXNR36o",
    so fully anonymous and compliant with privacy rules. Session cookies will be deleted from your computer when you close your browser.

  2. A cookie named "has_js" with a value "1" or "0", which is used by the tool to memorize browser's policy about the use of Javascript.

Most browsers automatically accept cookies but you can usually change your browser to prevent cookies being stored. For further information on cookies and how to switch them off visit www.allaboutcookies.org.

PLEASE NOTE, IF YOU DO TURN COOKIES OFF, THIS WILL LIMIT THE SERVICE WE ARE ABLE TO PROVIDE AND MAY AFFECT YOUR USER EXPERIENCE.

(3) Use of personal data

Each Clinic will be the data controller in respect of all Patient data submitted and used in iGRO and of all End User data.

Pfizer UK will be a data controller in common in respect of the End User data. Pfizer UK has no requirement for, and does not expect to receive, any patient identifiable personal data. Pfizer UK may use Clinic and End User email addresses:

(a) for the registration and administration of Clinic / End User accounts and providing access to authorised End Users;

(b) to track and assess use of iGRO by aggregated and anonymous data;

(c) to send notifications of application outages or updates (including suspensions of End User accounts and withdrawal of iGRO);

(d) to respond to requests for support; and

(e) to record details of which End User account has been used to create, view and update any patient records and/or End User data.

Pfizer UK will act as a data processor in respect of all encrypted Patient data. Third party service providers, the Clinics, and the End Users are not required or expected to share any Patient personal data with Pfizer.

Pfizer will receive only the following aggregated statistics:

  • the number of End Users using iGRO in each country;

  • the number of patients with whom iGRO has been used; and

  • metrics on each indication (i.e. the number of patients who have been diagnosed with either IGHD, TS and small for gestational age and with whom iGRO has been used).

Pfizer will use the aggregated statistics on the data held in iGRO in order to assess how iGRO is used and to improve its functionality and performance. The Clinic’s appointed service provider will aggregate the data and will provide only aggregated statistics to Pfizer. Pfizer has no requirement for, and does not expect to receive, any patient identifiable personal data.

It is the Clinic’s responsibility to notify End Users and Patients of the Clinic’s AND PFIZER UK’s RESPECTIVE statusES as data controller and to explain to End Users and Patients how their personal data will be used and protected.

(4) Data security

Pfizer UK takes the security of personal data very seriously and employs security technology, including firewalls to safeguard information and has procedures in place to ensure that the systems used to host, maintain and support iGRO are protected against unauthorised access.

All End User data (except for the email address) is encrypted using Secure Sockets Layer (SSL) once the End User has keyed it into the iGRO application and clicked ‘save’.

All Patient data is encrypted using Secure Sockets Layer (SSL) once the End User has keyed it into the iGRO application and clicked ‘save’.

(5) Use of service providers

Pfizer will use third party service providers to provide the iGRO tool and service, including the hosting of iGRO (including its supporting databases), for providing maintenance and support services, and to act as a technical support function to End Users of iGRO.

The Clinic’s appointed service provider will aggregate the data submitted to iGRO and will provide the aggregated statistics only to Pfizer as described in this Privacy Policy.

In all cases, Pfizer has taken measures to ensure that all End User data and Patient data are properly protected in accordance with this Privacy Policy and are kept entirely within the European Economic Area and/or Switzerland.

(6) Policy amendments

Privacy laws and practice are continually developing and Pfizer aims to meet high standards. Our policies and procedures are, therefore, under continual review. We may, from time to time, update this Privacy Policy and suggest you check this page periodically to review our latest version.

We may also notify Clinics and/or End Users of changes to our Privacy Policy by email. Continued use of iGRO after a new version of the Privacy Policy has been uploaded to iGRO will indicate the Clinic’s / End User’s approval of and consent to the new version.

(7) Third party websites

Where the website contains links to other websites or services that are owned or controlled by third parties, neither Pfizer nor any or its service providers are responsible for the privacy policies or practices of those third party websites or services. The Clinic and/or its End Users should check that the policies and practices are acceptable to them before use.

(8) Updating and correcting personal data

End Users are required to update and correct their profile information using the iGRO ‘Profile’ section of the iGRO tool. It is the Clinic’s and its End Users’ responsibility to ensure that Patient data is accurate and up-to-date.

(9) Contact

If you have any questions about this Privacy Policy or the treatment of personal data, please use the contact form on the ‘Support’ page of the iGRO tool.

(10) Access to personal data

Each End User has the right to access any personal data of which he or she is the data subject. Requests for access should be directed to the relevant data controller being either:

  • the Clinic or

  • Pfizer Limited, Walton Oaks, Dorking Road, Tadworth, Surrey, KT20 7NS, UK. Requests to Pfizer Limited can also be directed to [add name and address of local Pfizer Country Office].

iGRO is developed, funded and provided by Pfizer Ltd as a service to medicine to improve patient care