Article 38Data protection and data ownership
1.Manufacturers, marketing authorisation holders, wholesalers and persons authorised or entitled to supply medicinal products to the public shall be responsible for any data generated when they interact with the repositories system and stored in the audit trail. They shall only have ownership of and access to those data, with the exception of the information referred to in Article 33(2) and the information on the status of a unique identifier.
2.The legal entity managing the repository where the audit trail is stored shall not access the audit trail and the data contained therein without the written agreement of the legitimate data owners except for the purpose of investigating potential incidents of falsification flagged in the system in accordance with Article 36(b).