(DATA PROTECTION POLICY)
The Company “FARAN S.A.” (hereinafter referred to as the “Company”, “we”, “our”, “us”) fully respects the privacy of your personal data and makes every effort to protect them in full compliance with the Regulation (EU) 2016/679 on the Protection of Individuals with regard to processing of personal data/General Data Protection Regulation (hereinafter referred to as “GDPR”) and any other relevant applicable legislation.
- Controller Responsible for the Processing
- What is your personal data?
Your personal data includes any information that may lead, either directly or in combination with others, to your unique recognition or identification as a natural person. This category includes, if applicable, information such as name, postal address, email address, contact telephone number, etc., which allow your unique identification.
- What information we may collect about you and processing purposes for which your information is collected
Our Company may collect and process, as appropriate, the following personal data:
- From Healthcare Professionals such as:
- Full name, telephone number and e-mail, for providing medical information about our products, handling of complaints and (for) the announcement of side effects in the context of Pharmacovigilance in accordance with our legal obligations and prior informed consent.
- Full name, Specialty, Institution, address, amount of benefit for the publication, on our Website and in the EOF (National Organization for Medicines), for the benefits towards Healthcare Professionals and for the fulfillment of our legal obligations.
- Full name, Specialty, Capacity, Institution, address from personal database management companies to update the data of Healthcare Professionals and to ensure their accuracy in our assessment of legal obligations but also for purposes of documenting the legitimate interest in combating corruption during our assessment by third parties.
- From Scientific Healthcare Bodies and other patient associations such as:
- Name and amount of benefit for the publication, on our Website and in the EOF (National Organization for Medicines), of the benefits and/or sponsorships to Scientific Healthcare Bodies (such as hospitals, clinics, institutions, universities or other educational institutions or companies of any kind (e.g. NGOs), etc.), as well as donations and grants to patient associations (such as patients’ unions, societies, organizations, etc.), in the context of fulfilling our legal obligations in accordance with the provisions of the relevant legislation.
- From Consumers such as:
- Full name, telephone number, complaint description for the administration of complaints prior informed consent.
- Full name, title, telephone number for providing medical information prior informed consent.
- Full name, e-mail, telephone number, name of the medicine/indication-description of side effects, age, sex for the announcement of side effects in the context of the Pharmacovigilance in accordance with our legal obligations and prior informed consent.
- From Visitors to our Site, such as:
- Full name and e-mail which are collected in order to exercise your rights.
- Information contained in the CV from prospective employees, only if you choose to provide it to us.
- Visitors at the Company’s premises, such as:
- Entry and exit recording data at the Company’s premises in order to achieve protection of the security of natural persons, goods and facilities.
- Further purposes for which we process your personal data
In addition to the above, we may process your personal data for the following processing purposes:
- To provide you with information and services, after obtaining your consent such as:
- Provision of medical information for the Company’s products
- job advertisements
- Communication with site visitors
- To meet our legal obligations, including the following:
- to comply with applicable laws, regulations and directives (e.g. tax legislation, liabilities under EOF (National Organization for Medicines), etc.),
- to comply with requests or mandates of the regulatory authorities, governments, judicial and other authorities,
- to investigate and take action against any illegal or harmful behavior by users,
- To improve our daily functions:
- for internal purposes by conducting audits, data analysis and research so that we can provide and improve the existing digital platforms, the content and services of our Company,
- to monitor and analyze trends, use and activities in relation to our products and services, in order to understand which parts of our digital platforms and services attract the most interest and to improve the design and content of our platforms,
- to improve our products, services, and communication to you, and to optimize medical information services,
- (if applicable) to ensure that we have updated contact details of yours.
- On what legal basis do we rely when we use your personal data
Any collection and processing of personal data by our Company is done in accordance with existing legislation, in full compliance with the GDPR and any other relevant applicable legislation and with full respect for the principles under the law governing processing, i.e. the principles of legality and confidentiality. Therefore, we process your personal data for one or more of the following reasons:
- For legitimate business purposes in the context of our legitimate interests: We use your personal data to make our communication with you more relevant and personalized and to create an effective and efficient information and communication for you in relation to our products and services. Also, the data we collect helps us to improve our business activity, minimizing any problems in the services we can offer you. Finally, our Company can use your personal data to establish and defend its interests.
- To meet our contractual obligations: We may need to process your personal data in order to provide a product or service that you already have or you have requested by us. The processing purpose of personal data depends on the requirements for each product or service and the contractual terms and conditions provide more details about the relevant purposes.
- To comply with our legal obligations: It is important for us to comply with the requirements of national and european legislation, regulations and circulars (e.g. pharmaceutical legislation, tax legislation, etc.).
- To satisfy your various requests (such as information and communication requests, etc.), if you have given us your consent: At times we may need your consent to use your personal data for one or more of the purposes described above. In all such cases, you reserve the right to withdraw your consent at any time. However, this does not affect any processing of your personal data done before receiving your withdrawal notice.
- How long do we retain your personal data?
In addition, in some cases, we are obliged to keep your data in order to comply with the applicable statutory retention period (e.g. in the context of Pharmacovigilance-PV or in accordance with the requirements of tax legislation). In this case, we will ensure that your data will be used only for the abovementioned purpose and not for further purposes.
Your personal data are deleted from the Company’s databases, when the purpose of their processing ceases to exist, unless their further retention is required by the need to comply with a relevant law or a contractual obligation of our Company. Also, if you revoke your consent or object to the processing of your data, we will delete the data collected in a timely manner.
- With whom can we share your personal data
Within our Company, your data is processed by authorized personnel and only for the fulfillment of our contractual and statutory obligations, as well as in the framework of cooperation, service needs, etc.
Moreover, your data may be disclosed and made available to the following third parties in compliance with our contractual, legal and regulatory obligations:
- To domestic or foreign Agencies with which our Company cooperates in the framework of inspections, on the basis of a written agreement that always ensures the protection of your personal data, in order to fulfill our contractual obligations.
- In general, to public or other bodies, to which the Greek State has assigned tasks related to the public interest (such as Public Financial Services (DOY) and any public service, administrative, judicial, supervisory, regulatory or other Authority) when exercising their legal duties and responsibilities, to the extent that there is such obligation by law or their transmission is required in compliance with relevant provisions of law (e.g. EOF, judicial or prosecutorial authorities, etc.).
- To external partners or /and consultants to whom the Company entrusts the processing of personal data on its behalf or in the context of a specific collaboration (including legal advisors, accountants, those who provide us with technology services such as web design, hosting and support, and technical, accounting, tax and / or legal support, cloud storage services (cloud providers), storage, archiving, or/and file management companies, etc.), having signed the relevant contract for processing and protection of your data by which they undertake to keep your personal data confidential and appropriately secure.
Furthermore, it should be noted that your personal data are not transmitted to third countries (i.e. to countries outside the European Union). Also, our Company will not offer for sale or otherwise transmit or disclose your personal data to third parties, not related to it, without your consent, except for the compliance with relevant legal requirements and transmission only to the competent authorities.
- Personal Data Protection Policy in relation to
- What is Pharmacovigilance?
Pharmacovigilance (PV), as defined by the World Health Organization, is: “science and activities related to the detection, evaluation, understanding and prevention of side effects and any other drug-related problem.”.
- Purpose of collecting and processing of personal data on
Ensuring patient safety and safe use of our medicines is extremely important for our Company. If you report any side effects or other Pharmacovigilance related information in relation to a product of our Company, we will need to communicate with you about the products for which you have submitted your report. More specifically, the information requested when submitting your report to the Company is necessary in order to allow further communication from the Pharmacovigilance Department for the purpose of receiving additional information from you, monitoring your case, as well as answering your questions. At the same time, the data of the recipient of the drugs are necessary to avoid multiple recording of the same incident in our database.
All information you provide under this update are strictly confidential and are intended for use exclusively by the competent health professionals/scientists of our Company with a view of meeting its Pharmacovigilance obligations. We will use or/and disclose your personal data solely for the purposes of Pharmacovigilance.
- Personal data collected in the context of your Pharmacovigilance report
Our Company collects your personal data either directly from you following your report to our company or through a third person following his/her report to our company about the side effects of one of our products that have affected you.
In particular, the personal data that we may collect for you are the following:
- a) For the patients-recipients of the product that caused the side effects:
- The initials of your name
- Contact details
- Details of the product that caused the side effects, such as the active substance it contained, the dose you received, the prescription or/and receipt ratio
- The starting and ending dates of the treatmant
- The date (s) for the occurrence of the side effects
- Details (such as dose, prescription ratio, time treatment, etc.) regarding other medicines or medicinal products you may have been given at the same time and received at the time of the occurrence of side effects
- Your medical history
- Your history of taking medication and pharmaceuticals
- Other information about the incident and the occurrence of the adverse reaction.
- b) For the petitioners (third parties who submitted the
- Full name
- Contact details (including postal and e-mail address and telephone number)
- Your relationship to the patient – recipient of the product
- Processing and disclosure of your personal data in the
context of Pharmacovigilance
In response to its legal obligations of Pharmacovigilance, our Company processes your personal data mentioned above in order to investigate and evaluate the side effects reported by you or for you relating its products. In this context, the Company may:
- re-contact you for any further necessary information,
- collect, register, organize, structure and store your personal data as
foreseen in its internal,
- process your personal data submitted in the context of a report,
referencing or combining them with other relevant reports submitted for
the same product or for the same adverse effects,
- provide and promote the necessary information to the competent
operators or/and third parties.
The above-mentioned personal data of yours collected by our Company may also be communicated to third parties, especially other pharmaceutical companies with which we cooperate, if the side effects report concerns one of the products that our Company trades in its cooperation with its these companies. In this case, additional information can be provided on the companies to which said data are transmitted. The processing of your personal data by these companies – partners of our Company shall take place in accordance with their respective personal data protection policies on Pharmacovigilance and their respective agreements. In addition, the relevant information is also communicated to the competent national and regional Authorities and bodies (such as the National Organization for Medicines (EOF)), in line with the existing Pharmacovigilance legislation. Our Company cannot guarantee the processing of your personal data by these Authorities and bodies.
Subject to the anonymity of the petitioner and the patient, our Company may disclose information about the reported side effects (such as case studies and summaries), for medical, public, safety or/and other reasons.
- Pharmacovigilance reporting period
As patient safety is very important to us and your reports of any undesirable effects of our products are valuable for public health reasons, your personal data are kept in a record for as long as required under current Pharmacovigilance legislation, in order to ensure that we are in a position to evaluate the safety of our products over time.
- Cookies Policy
- What are cookies?
Cookies are small text files that a site saves on your computer or mobile terminal (tablet, smartphone, laptop) when you visit this site. This information may contain certain data such as which web pages you visited, the date and time of the visit, and a random and unique identification number of your computer. In this way, the site remembers your actions and preferences for a period of time, so you do not have to enter these preferences whenever you visit the site or browse its pages.
- What cookies are used on our site and what information is collected?
- a) Absolutely necessary / Basic Cookies: The absolutely necessary cookies are essential for the proper functioning of the site, allow you to browse and use its functions, such as access to secure areas or language settings. Without them, the provision of services you have requested may not be available and, thereby, we may not be able to provide our website with effective functionality. These cookies do not recognize your individual identity.
- b) Functionality Cookies: These cookies help the site remember your choices, such as your username, language and region. Thus, we provide you with improved and personalized features, only if you choose to accept all cookies giving your consent for their use following appropriate information. This data may be anonymous, while there are not available when the user navigates to other websites.
- How to check cookies?
- Protection & Security of your personal data
Recognizing the importance of the security of your personal data, we have taken all appropriate organizational and technical measures to protect your data from any form of accidental or unlawfull processing. We use the most modern and advanced methods to ensure maximum safety. In particular, the electronic systems of our Company have been developed in obedience to the principle of data minimization, so that the personal data you provide us for your navigation in them (Company’ s electronic systems) are limited to the minimum.
We also use various security measures and technologies to protect your personal data from unauthorized access, use, disclosure, alteration or destruction, in accordance with the relevant laws on protection and confidentiality of personal data such as anonymization, pseudonymization, data encryption, firewalls, data protection principles by design and by default (privacy by design and by default), and also organizational measures such as strict access policies to our systems, confidentiality commitment of the employees, staff training, periodic audits, etc. Unfortunately, no data transmission or storage system is 100% guaranteed secure.
When we share or transmit your personal data with third parties, we ensure that they keep your data confidential and implement appropriate security measures to maintain the security of your data.
- Links to third-party sites
The website of our Company may contain links to other third-party websites, which are operated and maintained solely by them, and which we cannot control. Our Company is in no way responsible for the privacy practices or policies of third-party websites, as it cannot guarantee the security of your browsing on them. In this context, please read carefully the respective privacy policies of the websites you visit, as they may differ significantly from ours. This privacy statement applies only to information collected from our site.
- What are your rights regarding your personal data?
Under GDPR (Articles 15-22) and the existing legislation, you have the following rights regarding the protection of personal data, which you can exercise, whenever you wish, by contacting us at the contact details set out below.
More specifically, you have the following rights:
- a) Right of access: the right to be informed, at your request, as to whether or not your personal information is being legally processed, as well as to request and receive information about the processing carried out.
- b) Right to rectification: the right to request:
- the rectification of your inaccurate personal data. This enables you to correct any incomplete or inaccurate data we retain about you,
- the completion or/and,
- the modification of them.
- c) Right to data portability: the right to request and receive a copy of the personal data concerning you in a structured, commonly used and machine-readable format, so that it can be transmitted (either by you or us) to other organizations designated by you.
- d) Right to object: the right to object to the processing of your personal data, for each of the grounds provided in Article 6 (par. 1 point (e) and (f)) of the GDPR, and if such legitimate grounds apply, we will stop the processing.
- e) Right of restriction of processing: the right to restrict the processing of your personal data.
- f) Right to erasure/Right to be forgotten: the right to request the deletion of your personal information, provided that this deletion is not contrary to the provisions of law, and
- g) Right to withdraw your consent: the right to withdraw your consent to the collection, processing and use of your personal data at any time. It should be noted that any withdrawal of consent shall take effect for the future and shall not affect the lawfulness of processing based on consent before its withdrawal by you.
In case of exercise of any of the aforementioned rights, our Company will respond without delay and no later than thirty (30) days from the receipt and identification of the relevant request. However, if your request is complex or there are a large number of requests, we will inform you within a month, if an extension (of this period) for another two (2) months will be required, within which we will respond to you.
Any request for the exercise of these rights will be assessed in accordance with applicable laws and there may be circumstances in which we have no legal obligation to comply with your request. All actions taken for requests for access, rectification, portability, deletion, objection and restriction of processing are provided free of charge.
If you wish to exercise any of the above rights you may email us to: email@example.com from the email address you have stated.
- What if you do not wish to provide us with your personal data?
In cases where the collection of your personal data is based on your consent, you can always refuse to grant it. If you object to the processing of your personal data, or if you have given your consent to the processing and later you withdrew it, we will respect your choice, always in accordance with our legal obligations. This could mean that we may not be able to carry out all actions needed so that you can use the services we offer. This withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.
- Contact Details
Email address: firstname.lastname@example.org
Telephone: +30.210 36 40 707
Postal address: 32 Akadimias Street, Athens 10672
- Right to lodge a complaint to the Hellenic Data Protection Authority
If your issue is not resolved, you can lodge a complaint with the Hellenic Data Protection Authority. On the relevant website of the abovementioned Authority, you will find information on how to lodge a complaint: http://www.dpa.gr
- How will you be notified of any amendments to this Policy?
Last updated:17th May 2021