top of page

Política de privacidad

START

This website belongs to DEUTSCHE PHARMA SAC , identified with RUC No. 20499935286 (hereinafter, “DPSAC”), with legal address at Calle La Habana No. 192, Int. 501 (Interior 501 - Interior 601), San Isidro, Lima, Peru.

 

This document establishes the Privacy Policy, which describes the treatment that DPSAC carries out on the personal data collected through this website and other enabled digital channels, in accordance with Law No. 29733, Personal Data Protection Law, its Regulation approved by Supreme Decree No. 016-2024-JUS, and other applicable regulations.

 

DPSAC reserves the right to review, modify, and update this Policy at any time, unilaterally and without prior notice, always in strict compliance with current regulations. Modifications will be published on the website [ www.deutschepharma.com.pe ], so periodic review is recommended.

I. DEFINITIONS

For the purposes of this Policy, the terms detailed below shall have the meaning indicated, without prejudice to the definitions established in Law No. 29733 – Personal Data Protection Law and its Regulations:

 

  • Personal Data: Any information about a natural person that identifies or makes them identifiable through reasonably used means.

 

  • Sensitive Data: Personal data consisting of biometric, ideological, religious, philosophical or political opinion information; data relating to health, sex life or information that, by its nature, may affect the privacy of the holder or give rise to discrimination.

 

  • Processing of Personal Data: Any operation or technical procedure that allows the collection, recording, organization, storage, preservation, processing, modification, communication, transfer or cancellation of personal data.

 

  • Personal Data Holder: Natural person to whom the information being processed corresponds.

 

  • Personal Data Bank: An organized set of personal data, automated or not, that is under the control of DPSAC.

 

  • Data Processor: Natural or legal person who processes personal data on behalf of and under the instructions of DPSAC.

 

  • Cross-border flow of personal data: Transmission of personal data outside the national territory to countries that offer adequate levels of protection, in accordance with current regulations.

 

  • National Authority for the Protection of Personal Data: Body of the Ministry of Justice and Human Rights responsible for ensuring compliance with regulations on the protection of personal data in Peru.

II. SCOPE

This Privacy Policy applies to the processing of Personal Data carried out by DPSAC regarding the personal information of its employees, applicants, clients, suppliers, visitors, health professionals and other persons whose data is under its custody.

 

The processing is carried out in compliance with Law No. 29733 – Personal Data Protection Law, its Regulation approved by DS No. 003-2013-JUS, and DS No. 016-2024-JUS, which approves the Single Ordered Text of the aforementioned Law and Regulation, as well as the provisions issued by the National Authority for Personal Data Protection.

III. WEBSITE INFORMATION

The content of this website is for general information purposes only. DPSAC is not responsible for the use that users make of the information published here for medical, commercial, or any other type of decision-making.

IV. PROCESSING OF PERSONAL DATA

1. Identification of the Data Bank Owner and Controller


DPSAC is the owner of the personal data banks named:

 

  • “Employees” personal data bank, intended for human resources management, occupational health and safety, training, performance evaluations, and social welfare activities.

  • “Doctors” personal data bank, intended to collect information from health professionals for the promotion of pharmaceutical products and the development of informative and marketing activities related to the pharmaceutical sector.

  • Personal data bank [***].

All data banks are duly registered before the National Authority for the Protection of Personal Data.

 

2. Guiding Principles


The processing of personal data by DPSAC is governed by the following principles:

  • Legality: Processing is carried out in accordance with the law, without resorting to fraudulent, unfair, or illegal means.

  • Consent: Processing is carried out with the free, prior, express, and informed consent of the owner, except for exceptions provided by law.

  • Purpose: Personal data are collected for specific, explicit, and lawful purposes, which are informed to the owner.

  • Proportionality: Only data that are strictly necessary, adequate, and relevant in relation to the purpose of the processing are collected.

  • Security: DPSAC adopts appropriate technical, organizational, and legal measures to guarantee the confidentiality, integrity, and availability of personal data.

  • Quality: The personal data processed must be true, accurate, updated and, where appropriate, rectified or deleted.

  • Availability and Confidentiality: Personal data are maintained under conditions that ensure their exclusive use for authorized purposes and their availability to the owner.

3. Information Collected
 

DPSAC may collect personal data through digital forms, emails, surveys, training programs, welfare activities, application records, or participation in events.

 

Personal data may include, among others: first and last names, ID number, address, telephone number, email address, occupation, medical specialty, workplace, among other data necessary for the purposes detailed below.

4. Purposes of Processing


The personal data collected will be processed for the following specific purposes:

  • Employees” data bank: 

Manage selection, hiring, and training processes, performance evaluations, social welfare activities, and compliance with legal obligations regarding labor, safety, and health at work. Carry out internal communication actions and administration of corporate benefits.

  • Doctors” data bank: 

Promote the acquisition, knowledge, and responsible use of DPSAC pharmaceutical products. Carry out marketing activities, medical visits, invitations to events, congresses, or training. Maintain an updated database of health professionals linked to the company's commercial activities.

  • Data bank [***]

5. Transfer and Cross-Border Data Flow


For the fulfillment of the purposes described above, DPSAC may share or transfer personal data to third parties, national or foreign, acting as processors and having appropriate security measures.

 

DPSAC may transfer personal data locally and internationally to companies belonging to its business group, as well as to third parties such as technology platforms or electronic storage and communication service providers located outside the national territory, such as:

Recipient country

Name

Identification document number of the receiving entity

Purpose

x

x

x

x

x

x

x

x

x

x

x

x

x

x

x

x

Likewise, DPSAC may transfer personal data to legally empowered public entities within the scope of their competencies in compliance with current or future regulations or at their request. It may also outsource the processing of personal data for which it is the controller, or which are part of the personal data banks it owns, to legitimate providers.

 

DPSAC will ensure that such transfers comply with the standards established by Peruvian personal data protection regulations, taking appropriate security measures to provide protection to the information collected and ensuring that it is used for the purposes authorized by the personal data owner.

6. Security Measures


DPSAC has implemented the technical, organizational, and legal measures necessary to guarantee the confidentiality and integrity of personal data, preventing its loss, alteration, unauthorized access, or processing. Likewise, it will require third-party processors to comply with the same standards of security and confidentiality.

7. Exercise of ARCO Rights


Personal data owners have the right to exercise their ARCO rights, as well as to revoke their consent for the processing of their personal data, which include:

  • Right of Access: Allows the owner to know and obtain information about the personal data being processed by DPSAC.

  • Right of Rectification: Empowers the owner to request the update, inclusion, or modification of their personal data when it is partially or totally inaccurate, incomplete, or outdated.

  • Right of Cancellation: Authorizes the owner to request the deletion or removal of their personal data from DPSAC's data banks when it is no longer necessary for the purpose for which it was collected, the processing period has expired, or the consent granted is revoked. Approved deletion will apply to all corporate databases and business systems of DPSAC where personal data is located, except in cases where conservation is mandatory by legal, contractual, or regulatory mandate.

  • Right of Opposition: Allows the owner to oppose, for justified and legitimate reasons, the processing of their personal data or to revoke their consent for specific purposes.

To exercise these rights, the owner must submit a written request accompanied by a legible simple copy of their National Identity Document (DNI) or equivalent document to the following email address: [arco@dpsac.com.pe].

 

DPSAC will address requests within the timeframes provided by Law No. 29733 and its Regulations.

8. Data Retention


Personal data will be kept for the time necessary to fulfill the purposes of its processing and the applicable legal provisions. Once said period has concluded, they will be securely deleted or anonymized.

9. Digital Consent


DPSAC may obtain the owner's consent through digital means, provided that it is prior, informed, express, and unequivocal, in accordance with Law No. 29733 and its Regulations. To this end, consent may be registered through the following mechanisms:

  • Checkboxes: The owner manifests their agreement by voluntarily marking the corresponding box, which will not be pre-checked and will allow for the accreditation of a clear affirmative act.

  • Banners or consent notices: In cases where pop-up notices or banners are displayed, the owner must explicitly accept the processing before continuing with the use of the service or functionality.

  • Digital forms: Consent may be collected through electronic forms in which the owner provides the requested information and accepts the processing conditions.

  • Electronic records of acceptance: DPSAC will store electronic evidence to prove the owner's manifestation of will (date, time, IP address, registration method, version of the accepted privacy policy, or other pertinent information).

DPSAC will implement technical and organizational measures to guarantee the traceability of consent, as well as its update, revocation, or replacement when applicable.

10. Changes to the Privacy Policy


DPSAC reserves the right to update or modify this Privacy Policy at any time. Any modification will be published on the website [www.deutschepharma.com.pe]. We recommend periodically reviewing this Policy to stay informed about the most recent updates.

Last update: November 19, 2025.

bottom of page