23 APRIL 2018
GENESIS PHARMA S.A. (the “Company”) is committed to protecting your privacy and to controlling your personal data in a proportional, open, and transparent manner.
Your personal data includes any information that may lead, either directly or in combination with other information, to your identification or to your detection as a natural person. This category incudes, indicatively, elements such as full name, Tax Number, social security registry number, physical and electronic addresses, fixed and mobile phone numbers, email addresses, and any other information allowing your identification according to the provisions of the General Data Protection Regulation (GDPR 2016/679), as well as the applicable Greek legislation and the decisions of the Hellenic Data Protection Authority (HDPA).
1. GENESIS PHARMA S.A.
GENESIS Pharma started its activity in pharmaceutical biotechnology in 1997, at a time when the industry was still at an early development stage, not only in Greece but also in Europe. The company's goal was to combine the rapid progress in science with a successful and innovative business venture, thus paving the way for the creation of a new market. Working with consistency and dedication to this end, GENESIS Pharma became the first Greek pharmaceutical company specializing in the promotion, sales and distribution of biopharmaceutical products.
Headquarters – Registered Offices:
GENESIS PHARMA S.A.
270, Kifissias Avenue, 15232
Halandri – Athens
Tel.: 210 877 1500
Fax: 210 689 3877
2. Collection and Processing of Personal Data
We collect and process different types of personal data, which we get from existing and potential collaborators and clients, in person, or through third parties that allow us to access these personal data, having secured the consent of the data subjects.
We may also collect and process personal data from publicly accessible sources, such as, among others, lists of healthcare professionals, lists of association/union members, mass communication Media and the Internet, which we are legitimately acquiring and are permitted to process.
We do not collect personal data for individuals under 18 years of age for business purposes, as we understand the importance of privacy protection when it comes to minors, and we do not provide to them services associated with the information society.
3. Personal Data of Minors
Exclusively for the purpose of insuring the dependent members of our employees’ families and for the provision of additional benefits to them, we are collecting personal data on those minors and only under the condition that we have first secured the consent of their parents or legal guardian.
As mentioned above, we are committed to protecting your privacy and to controlling your data in an open and transparent manner; therefore, we process your personal data in accordance to the GDPR and the national legislation on data protection, for one or more of the following reasons:
4. Why do we process your personal data and on which legal basis?
A. For the execution of a contract
We process personal data in order to carry out business transactions and to offer products and services under the provisions of the contracts with our clients. The purpose of the processing of personal data depends on the requirements for each product or service; contractual terms and conditions provide further details regarding the relevant purposes.
B. For compliance with a legal or regulatory obligation
There are certain legal obligations arising from the relevant laws that are applicable to us, as well as from requirements pertaining to regulatory/legal provisions (e.g., article 31 par. 3 of Law 1316/83: “The organization or funding of congresses or seminars and any corresponding communication medium ... may be allowed only after prior approval of the National Organization for Medicines (EOF).
C. For reasons of protection of legitimate interests
We process personal data in order to secure the legitimate interests pursued by us or by third parties. Legitimate interest exists when we have a business or commercial reason for which we are using your information. But even then, this should not improperly conflict with what is right and best for you. Examples of such processing activities include the following:
- Measures and procedures which we undertake to ensure the security of the Information Technology Department and the Company’s system, the prevention of potential criminal acts, the security of our assets, the access control authorization and the measures against violations.
- Installation of observation systems (closed-circuit cameras – CCTV), e.g., at the entrance of our facilities, for the prevention of criminal acts or sabotage.
- Measures for the management of our activities and for the further development of products and services.
- Disclosure/exchange of your personal data within GENESIS PHARMA S.A., for the purpose of updating/verifying your personal data, in accordance to the relevant regulatory compliance plan
- Risk management by GENESIS PHARMA S.A.
- Legal claims and preparation of our defense in cases of legal dispute.
D. Because you have given your consent
If you have expressly given us your consent for the processing of your data, the legitimacy of such processing is based on this consent. You have the right to revoke your consent at any time. However, any processing of personal data that has taken place prior to receiving your revocation shall not be affected.
For reasons of fulfillment of our contractual, legal or regulatory obligations, your personal data may be forwarded to several of our Company’s departments. Furthermore, various service providers and foreign companies (vendors) may also receive your personal data, within the framework of fulfillment of our obligations. These service providers and vendors sign contracts with the Company, on the basis of which they undertake to maintain the confidentiality and the protection of data in accordance to the local data protection law and the GDPR.
5. Who are the recipients of your personal data?
We must emphasize that we may disclose data pertaining to you for any of the reasons mentioned above, or in case we are legally obligated to do so, or if you have given your consent. All parties contracted by us to process personal data on our behalf, are contractually bound to comply with the provisions of the GDPR.
Under the aforementioned circumstances, parties receiving personal data may be, for example:
- Supervisory and other regulatory and public authorities, to the extent that a relevant legal obligation exists. A couple of examples are EOF and law enforcement authorities.
- Credit and financial institutions for payment data
- External legal counselors
- Financial and business consultants
- Auditors and accountants
- Travel agencies
- Congress organization agencies
- Storage, filing, and/or file management companies
- Companies and systems for data storage/processing on the cloud (“Cloud Providers”)
- Webpage development and support companies
- Contract Research Organizations (CROs)
- Healthcare service providers
6. Personal data transmission outside the EEA
Your data may be transmitted to third countries [i.e., countries outside the European Economic Area], within the framework of cooperation with foreign companies, the products of which we are distributing or for which you have given us your consent to go ahead with the transmission. Individuals responsible for processing or those carrying out such processing in third countries are required to comply with European data protection standards, as well as to provide the appropriate assurances regarding the transmission of your data, in accordance to Article 46 of the GDPR.
In general, we do not use any automated decision-making process for the creation and conduct of a business activity. We may process some of your data in an automated manner, for the purpose of assessing certain aspects (limited profile creation), in order to sign or execute a contract with you, as for example in the following cases:
7. Automated decision making, profile creation
- Invitations to congresses and scientific events
- Selection on the basis of specialty for the introduction of a new medicinal product into the market
- Selection for invitations to participate in Medical Advisory Boards organized by foreign companies cooperating with GENESIS PHARMA S.A.
We may process your personal data for the purpose of informing you in relation to products, services, and suggestions that may interest you.
8. Marketing activities and profile creation for such activities
The personal data that we process to this end, consist of information that you provide to us and of data that we collect and/or deduce when there is activity on your part relative to our products and services, such as information regarding our cooperation. We study all such information, to form an opinion on what we consider that you may need or that might interest you. In certain cases, the creation of a limited profile is used, i.e., we are processing your data in an automated manner, with the purpose of evaluating certain personal elements, in order to provide you with targeted scientific information/education or marketing information pertaining to products and services.
We may use your personal data to promote our products and services only to you, if we have your explicit consent to this end, or if, in certain cases, we believe that we have a legitimate interest to do so.
You have the right to object at any time to the processing of your personal data for Marketing purposes, including the creation of a profile, by contacting the Company at any time, either in person or in writing.
We shall maintain your personal data for as long as we have a business, educational or other relationship with you [personally or in association with our transactions with a legal person, which you are authorized to represent].
9. For how long do we maintain your personal information?
After our business relationship with you is over, we may maintain your data for up to ten (10) years, in accordance to:
We may maintain your data for more than 10 years if we cannot delete them for legal or regulatory reasons.
- Pharmacovigilance (PHV) data maintenance requirements
- Tax details maintenance requirements
- Regulatory compliance requirements
- Personnel details maintenance requirements
We acknowledge the importance of the protection of privacy and all other personal information, and we use the appropriate technical measures, such as anonymization, pseudonymization, data encryption, firewalls, privacy by design and by default, but also organizational measures, such as strict policies for systems access, employee secrecy commitment, personnel training, periodic audits, etc.
10. Security of personal data
You have the following rights regarding the personal data we maintain on you:
11. Your rights
1. To have access to your personal data. This gives you the option, for instance, of receiving a copy of the personal data we maintain on you, and checking that we are processing such data in a legitimate manner. To be provided with the relevant copy, please send us a message at email@example.com
2. To request the correction of the personal data we maintain on you. This gives you the option of correcting any missing or inaccurate data we may maintain on you.
3. To request the deletion of your personal data [known as the “right to be forgotten”]. This enables you to request that we delete your personal data when there is no longer any legitimate reason to go on processing such data.
4. To object to the processing of your personal data [known as the “right to object”] when we are based on legitimate interest, but there is something special regarding your situation, which makes you want to object to such processing for this reason. If you submit an objection, we will no longer be processing your personal data, unless we may be able to prove the existence of compelling legitimate reasons for such processing, which override your interests, rights, and freedoms.
5. You also have the right to object in cases where we proceed with processing your personal data for purposes of direct marketing. This also includes the creation of a profile, to the extent that this is related to direct marketing. If you object to this processing for direct marketing purposes, then we shall stop processing your personal data for such purposes.
6. To request limiting the processing of your personal data. This allows you to request that we limit the processing of your personal data, i.e., use them solely for certain cases, such as when:
7. To request that you receive a copy of your personal data, in a structured, commonly used and machine-readable format, so that you can transmit such data to other organizations. You also have the right to request that your personal data be directly transmitted by us to other organizations that you will nominate [known as the right to the portability of data].
- they are inaccurate;
- they have been used illegally, but you do not wish us to delete them;
- they are no longer required, but you want us to maintain them to be used in potential legal claims;
- you have already requested that we stop using your personal data, but you are waiting for us to confirm whether we have legitimate reasons to use them.
8. To withdraw the consent that you have given us regarding the processing of your personal data at any time. Please note that any revocation of your consent shall not affect the legitimacy of the processing that has been based on such consent prior to its withdrawal or revocation by you.
To exercise any of your rights, or in case you have any further questions regarding the use of your personal data by us, you may contact the Company, or send us an electronic message at: firstname.lastname@example.org. You may also contact the Data Protection Officer of GENESIS PHARMA S.A. at email@example.com
If you have exercised any or all of your rights to data protection and you are still feeling that your concerns regarding the way we use your personal data have not been addressed by us to your satisfaction, you have the right to file a complaint at: firstname.lastname@example.org.
12. Right to file a complaint
You also have the right to file a complaint to the Hellenic Data Protection Authority (HDPA). You may find information on how to file complaints on the relevant website at http://www.dpa.gr/portal/page?_pageid=33,19035&_dad=portal&_schema=PORTAL
However, we recommend that you review this Policy from time to time, to always be updated on how we process and protect your personal information.
Our webpage uses small files, which are known as “cookies”, to be able to function better and to improve your experience.
To find out more about how cookies are used, please refer to our policy on cookies.
The nr. 2016/679 EU General Data Protection Regulation shall come into effect on May 25th, 2018. Until then, Law 2472/1997 regarding the Processing of Personal Data shall remain in effect.