Personal Data Protection Declaration
Of PHARMEX S.A.
“PHARMEX TECHNICAL, TOURISM, COMMERCIAL AND INDUSTRIAL COMPANY” with trading name “PHARMEX S.A.” domiciled in Peristeri, Attiki, 132 Kifisou Avenue, a leading company in the field of dermatological and cosmetic products, maintains long standing partnerships as the exclusive importer of high quality cosmetic care, that satisfy even the most demanding consumer, as well as Health professionals, Pharmacists and Dermatologists, who know exactly what results they desire.
The implementation of a dynamic and well staffed business model ensures the success of the company’s activities. Through partnerships with multinational corporations in the medical-pharmaceutical field and with producers of global reach, Pharmex SA drives the research and development of innovative products.
The protection of personal data of clients, suppliers, associates, employees and other natural persons connected with the company, that are being processed within the scope of the company’s activity, is a high priority for us and therefore these data are being processed in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679) as in force since the 25th of May 2018, and in accordance with the domestic Greek law regarding the protection of personal data.
1. Data Processing Controller
“PHARMEX TECHNICAL, TOURISM, COMMERCIAL AND INDUSTRIAL COMPANY” with trading name “PHARMEX S.A.” (here after the “Company”) is processing personal data of the persons doing business with it and, according to the law in force, is your Personal Data Processing Controller, within the scope of this Personal Data Protection Declaration.
2. What are the personal data that we collect and what are the purposes of their processing.
Personal data are those data that may be used for determining the identity of or communication with a natural person as well as other information that relates to said person and can identify it.
The Company collects personal data of the visitors/users of its website, only if they are voluntarily willing to provide said data for the purpose of being able to use on line services. It also complies and processes personal data that has legally obtained from other sources and is allowed to process.
Personal data about you are not transmitted or processed outside the European Union.
The Company may compile and process personal data of:
Name, telephone, e-mail, client’s code number, user’s code number, address, area, postal code, prefecture, Data included in the Application for grant and/or participation in a scientific event & Consent Form: name, Social Security Number, Specialty, Employment Agency, Address, Number, Postal Code, City, e-mail, seal and signature for the purpose of creating a data base targeting the market and for the participation in scientific events according to the provisions of the Circulars issued by the National Organization for Medicines and other national regulatory authorities.
Health Professionals and Clients/Product Users
Name, attending physician’s data and other data included in the related forms, for the purpose of providing medical information on the products, complaint management and notice of undesirable effects within the scope of Pharmacovigilence according to the legal requirements, and after having been informed and having consented.
Employees of donation acceptance agencies
Name, employment position, telephone number, e-mail, identity data, address, for the purpose of managing and entering into a donation acceptance contract, after having been informed.
Our website’s visitors/Compilation via cookies
When you use our website to browse our products and services and see the information that is available, third party cookies are being used to allow the website to operate, to collect useful information for the visitors and to help for a better user experience.
Our website uses only third party cookies – third parties are placing them in the computer, again with your consent. These cookies appear below:
|It helps collect anonymous statistical data on the number and behavior of the visitors
|Marketing – Remarketing
|It helps to the correct promotion through the Google AdWords
|Marketing – Remarketing
|It achieves better control on the marketing results
During any visit of a user to the Company’s site, the website that the user sees along with any cookies that they may contain, are downloaded to the user’s device. Cookies are text files with a unique identification code number, through which, the Company’s server recognizes the user’s computer. Cookies record only the areas of the site that the user has visited and the time of visit and are called First-party cookies and include session & persistent cookies:
Session cookies, i.e. session cookies that remain in the cookies file of the navigation program of your device only during your visit and are deleted when you close the navigation program. They are intended for the visitors (visitor’s basket) and for the connected clients (to maintain their connection) until expiration of the cookie (until deletion by the browser for visitors and two hours for connected users).
Persistent cookies that remain in the cookies file of your device’s navigation program even after the navigation program is closed, sometimes for a year or more (the exact duration depends on each cookie’s life time) up until the cookie is deleted from the user’s device. Persistent cookies are used so that we can remember the user’s name or preferences in terms of website’s configuration.
The user may, at any time, set up his computer to accept cookies, to be notified when a cookie is issued or to reject cookies. In case that the user has set his browser (Firefox, Chrome, Opera, Safari, e.tc.) to reject cookies, he may navigate in the Company’s website unanimously, until the moment he registers for any of its services, at which point acceptance of the cookies is mandatory.
Cookies settings for browsers and devices
In order to set up your cookies, please select your browser from the following list and follow the instructions:
If your do not agree with above described personal data processing policy, you are required not to use the services of this website and to delete your account with us.
As far as users who have not reached the age of 18 years are concerned, prior consent of the parents/guardians is mandatory in any case of giving personal data to the Company’s websites.
Name, title, address, area, postal code, telephone number, fax number, e-mail, occupation, Tax Identification Number, Internal Revenue Service, iban for the purpose of managing/executing orders, invoicing, entering into contracts and making payments, so that execution of the contract and compliance with the all the legal and tax obligations is possible.
Name, telephone number/cellphone number, e-mail for the purpose of updating the Company’s data base and targeting the market, provision of information on the Company’s business activities, promotion events, recall οf products, having previously being informed and having consented.
Name, identity data, passport, Bonus miles cards, for better transportation and accomplishment of the current collaboration, having previously being informed.
Name, date of birth, telephone number, address, e-mail, other information of the candidate/cv for the purpose of finding and evaluating personnel.
Name, date of birth, telephone number, address, e-mail, marital status, bank accounts and other information for creating personnel files for hiring/retiring, payroll purposes, human resources management, ISO records for compliance with all the legal and tax requirements.
Visitors of the Company’s facilities
Image recording data, collected through a close circuit tv system and entrance/exit recording data from the Company’s facilities for security purposes of persons, goods and facilities.
The Company does not make automated individual decisions or profiling.
3. Legal bases of Processing
• The legal bases of your data’s processing are the following: Your consent to the processing of your data for one or more specific purposes (article 6 par.1 of the GDPR), e.g. when you give us contact data for marketing and other promotional activities.
• Execution of a contract where you are a contracting party or for the purpose of taking measures before entering into the contract during the negotiation stage (article 6 par.1b of the GDPR).
• Processing is necessary for the purpose of us complying with the legal requirements as set out in the European or National Law, i.e. for complying with the tax and social security requirements (article 6 par. 1c of the GDPR).
• Processing is necessary for our Company’s pursuing its legal interests, provided that said interests do not infringe the interests, fundamental rights and freedoms of the subjects of the data (article 6 par f). More specifically, our Company’s legal interests are its business interests, protection of its facilities, safekeeping its properties and goods (tangible and intangible), safety of its personnel, monitoring and prevention of access to its facilities by persons who have no business there. Specifically in terms of safety, data processing is absolutely necessary and may not be implemented in any other manner.
4. Term of preservation of your personal data or criteria that determine this term.
We shall keep your personal data for as long as we maintain any business or other relationship with you.
Criteria for determining the term that we keep your personal data:
• Nature of data
• Purpose of processing
• Data’s value to the Company
• Legal, accounting and regulatory requirements in force for the Company’s businesses
• Possible obligations of the Company arising from keeping the data
• Risks for the Company and subjects of data that may arise from keeping the data
• After the expiration of the term of preserving your data, your data will be deleted from the Company’s databases, unless extension of this term is imposed by the law, accounting requirements or contractual obligations, for compliance purposes.
5. Who we share your personal data with
Inside our Company, your personal data are accessible by persons and departments as necessary for us to fulfill our obligations arising from our collaboration. These persons are bound by a confidentiality agreement regarding the data that they are processing.
In the course of our business, we may need to share your personal data with third providers who offer services on our behalf. We shall share with them only those data that are necessary for them to provide their services and we also bind them with confidentiality and personal data protection agreements so that they protect and process your data on our behalf and not use them for other purposes.
6. Personal Data Safety
When you give us your personal data, we take precautions to ensure that they are safely kept. In order to protect your personal data, we take natural, technical and organizational protection measures. We update and check the security technology that we use on a constant basis. We limit access to your personal data only to those employees that need to know said data in order to provide benefits or services to you. Moreover, we educate our employees on the importance of privacy and confidentiality and security of your personal data.
Among others, we have provided for the application of techniques and organizational measures and processes that protect your personal data from any loss, alteration, unlawful processing or change but also safe deletion and destruction thereof such as : natural security, infrastructure monitoring practices (CCTV security alert with entrance monitoring, user accounts for access to PCs, complexity of access codes, active and passive fire protection measures, separation of functions techniques, signing of secrecy-confidentiality agreements with the staff and suppliers of applications, information system protection measures (fire wall policies, antivirus, up systems, active directory, data base backup), internal and external audits, ISO 9001:2015 and ISO 13485:2016 Certifications.
7. Your rights
Subject’s right of access (article 15 GDPR)
You have the right to
• Obtain from the controller confirmation as to whether or not personal data concerning you are being processed
• Obtain a copy of your personal data undergoing processing without adversely affecting the rights and freedoms of others.
Right to rectification (article 16 GDPR)
You have the right to request rectification of inaccurate or incomplete personal data.
Right to erasure (“right to be forgotten”) (Article 17 GDPR)
You have the right to obtain from us the erasure of personal data concerning yourself and we have the obligation to erase personal data where the grounds mentioned in article 17, GDPR apply.
Right to restriction of processing (article 18 GDPR)
You have the right to obtain from the controller restriction of your personal data processing where one of the grounds provided for in article 18, par.1, points a), b), c) d) applies.
Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction or processing is lifted.
Notification obligation regarding rectification or erasure of personal data or restriction of processing (article 19 GDPR)
The controller, our Company, shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
Right to data portability (article 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided where:
a) The processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
b) The processing is carried out by automated means.
In exercising your rights to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Right to object (Article 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of persona data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller, our Company, shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Right to withdraw your consent (Article 7, point 3, GDPR)
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
You have the right to lodge a complaint with the competent Greek independent authority, which is the Hellenic Data Protection Authority (http://www.dpa.gr/) if you consider that processing of personal data relating to you infringes the provisions of Regulation 2016/679.
8. Exercising your rights
For your rights, as set out above and according to the provisions of the GDPR, you may contact us and file a request with our e-mail address email@example.com or send your request to our postal address 132 Kifisou Ave., P.C. 12131, Peristeri, Attiki.
Any action undertaken with regard to requests concerning your above mentioned rights, is free of charge. The Company may charge reasonable fees, taking into consideration the administrative costs for processing a request that is clearly unfounded or excessive due to its repeated nature.
For any question about your personal data processing you may contact PHARMEX’s data protection competent service at:
E mail: firstname.lastname@example.org
Switchboard: +30 210 5199200
Fax: +30 210 5144279
Postal Address: 132 Kifisou Ave., P.C. 13121, Peristeri, Attiki (cc: Data Protection Department)
To submit your request regarding exercise of your rights, please fill in the “Application Form to Exercise a Right” and send it to our postal address or e-mail address.
10. Compliance of Processing Controller
Our Company, Processing Controller, is obliged to respond to your request, according to the GDPR, within a period 30 days since receiving it. If your request is particularly complex, we may need to extend this period to 2 months. In such a case, the Company shall notify you within one month since receiving your request and for the reasons of delay.
11. Notification of personal data infringement to the data subject
Our company, processing controller, shall notify you immediately of any infringement regarding your personal data when such infringement is likely to inflict a significant risk to your rights and freedoms.
12. Current policy updating
Please visit our websites regularly so that you are informed on this Policy and how your data are protected.
Latest update of this Policy 30/04/2019