The Company “FARAN S.A.” (hereinafter referred to as the “Company”, “we”, “our”, “us”) fully respects the privacy of your personal data and makes every effort to protect them in full compliance with the Regulation (EU) 2016/679 on the Protection of Individuals with regard to processing of personal data/General Data Protection Regulation (hereinafter referred to as “GDPR”) and any other relevant applicable legislation.
The present Privacy Policy aims to inform users of this website about the manner and purpose of collecting and processing their personal data from our Company, the controller and owner of the site: www.faran.gr, as well as to explain their rights and choices about these data, and how they can communicate with us.
For any queries regarding this Privacy Policy, as well as any issues related to the processing of your personal data and the exercise of your rights, please contact us at the e-mail address: dpo@faran.gr.
Controller Responsible for Processing
The Company under the name “FARAN S.A.”, based in Kifissia, Attica, 5 Achaias and Trizinias Street, is, according to the current legislation, the Controller responsible for the processing of your personal data in the framework of the present Privacy Policy.
What Is Your Personal Data?
Your personal data includes any information that may lead, either directly or in combination with others, to your unique recognition or identification as a natural person. This category includes, if applicable, information such as name, postal address, email address, contact telephone number, etc., which allow your unique identification.
What Information We May Collect About You and Processing Purposes for Which Your Information Is Collected
Your personal data that may be processed by our Company is, in principle, the general personal data that you provide to us voluntarily when using the available functions of this website, including browsing data, user requests for the services offered on our website, as well as the data collected by cookies, in accordance with their terms of use as described below. We may also collect and process personal data from other sources, which we obtain legally and we are permitted to process.
Our Company may collect and process, as appropriate, the following personal data:
- From Healthcare Professionals such as:
- Full name, telephone number and e-mail, for providing medical information about our products, handling of complaints and (for) the announcement of side effects in the context of Pharmacovigilance in accordance with our legal obligations and prior informed consent.
- Full name, Specialty, Institution, address, amount of benefit for the publication, on our Website and in the EOF (National Organization for Medicines), for the benefits towards Healthcare Professionals and for the fulfillment of our legal obligations.
- Full name, Specialty, Capacity, Institution, address from personal database management companies to update the data of Healthcare Professionals and to ensure their accuracy in our assessment of legal obligations but also for purposes of documenting the legitimate interest in combating corruption during our assessment by third parties.
- From Scientific Healthcare Bodies and other patient associations such as:
- Name and amount of benefit for the publication, on our Website and in the EOF (National Organization for Medicines), of the benefits and/or sponsorships to Scientific Healthcare Bodies (such as hospitals, clinics, institutions, universities or other educational institutions or companies of any kind (e.g. NGOs), etc.), as well as donations and grants to patient associations (such as patients’ unions, societies, organizations, etc.), in the context of fulfilling our legal obligations in accordance with the provisions of the relevant legislation.
- From Consumers such as:
- Full name, telephone number, complaint description for the administration of complaints prior informed consent.
- Full name, title, telephone number for providing medical information prior informed consent.
- Full name, e-mail, telephone number, name of the medicine/indication-description of side effects, age, sex for the announcement of side effects in the context of the Pharmacovigilance in accordance with our legal obligations and prior informed consent.
- From Visitors to our Site, such as:
- Full name and e-mail which are collected in order to exercise your rights.
- Information contained in the CV from prospective employees, only if you choose to provide it to us.
- Visitors at the Company’s premises, such as:
- Entry and exit recording data at the Company’s premises in order to achieve protection of the security of natural persons, goods and facilities.
Further Purposes for Which We Process Your Personal Data
In addition to the above, we may process your personal data for the following processing purposes:
- To provide you with information and services, after obtaining your consent such as:
- Provision of medical information for the Company’s products
- job advertisements
- Communication with site visitors
- To meet our legal obligations, including the following:
- to comply with applicable laws, regulations and directives (e.g. tax legislation, liabilities under EOF (National Organization for Medicines), etc.),
- to comply with requests or mandates of the regulatory authorities, governments, judicial and other authorities,
- to investigate and take action against any illegal or harmful behavior by users,
- To improve our daily functions:
- for internal purposes by conducting audits, data analysis and research so that we can provide and improve the existing digital platforms, the content and services of our Company,
- to monitor and analyze trends, use and activities in relation to our products and services, in order to understand which parts of our digital platforms and services attract the most interest and to improve the design and content of our platforms,
- to improve our products, services, and communication to you, and to optimize medical information services,
- (if applicable) to ensure that we have updated contact details of yours.
On What Legal Basis Do We Rely When We Use Your Personal Data
Any collection and processing of personal data by our Company is done in accordance with existing legislation, in full compliance with the GDPR and any other relevant applicable legislation and with full respect for the principles under the law governing processing, i.e. the principles of legality and confidentiality. Therefore, we process your personal data for one or more of the following reasons:
- For legitimate business purposes in the context of our legitimate interests: We use your personal data to make our communication with you more relevant and personalized and to create an effective and efficient information and communication for you in relation to our products and services. Also, the data we collect helps us to improve our business activity, minimizing any problems in the services we can offer you. Finally, our Company can use your personal data to establish and defend its interests.
- To meet our contractual obligations: We may need to process your personal data in order to provide a product or service that you already have or you have requested by us. The processing purpose of personal data depends on the requirements for each product or service and the contractual terms and conditions provide more details about the relevant purposes.
- To comply with our legal obligations: It is important for us to comply with the requirements of national and european legislation, regulations and circulars (e.g. pharmaceutical legislation, tax legislation, etc.).
- To satisfy your various requests (such as information and communication requests, etc.), if you have given us your consent: At times we may need your consent to use your personal data for one or more of the purposes described above. In all such cases, you reserve the right to withdraw your consent at any time. However, this does not affect any processing of your personal data done before receiving your withdrawal notice.
How Long We Retain Your Personal Data For?
In addition, in some cases, we are obliged to keep your data in order to comply with the applicable statutory retention period (e.g. in the context of Pharmacovigilance-PV or in accordance with the requirements of tax legislation). In this case, we will ensure that your data will be used only for the above-mentioned purpose and not for further purposes.
Your personal data are deleted from the Company’s databases, when the purpose of their processing ceases to exist, unless their further retention is required by the need to comply with a relevant law or a contractual obligation of our Company. Also, if you revoke your consent or object to the processing of your data, we will delete the data collected in a timely manner.
Our Company processes your personal data for as long as is necessary for the purposes of processing, which is mainly the provision of our services requested by you. In particular, your personal data is stored by our Company only for the time period required to fulfill the purpose for which they were collected, as described in this Privacy Policy, based on their nature, any contractual relationship that governs their storage, the value of this data to us and the related legal obligations that may result from their retention.
With Whom Can We Share Your Personal Data
Within our Company, your data is processed by authorized personnel and only for the fulfillment of our contractual and statutory obligations, as well as in the framework of cooperation, service needs, etc.
Moreover, your data may be disclosed and made available to the following third parties in compliance with our contractual, legal and regulatory obligations:
- To domestic or foreign Agencies with which our Company cooperates in the framework of inspections, on the basis of a written agreement that always ensures the protection of your personal data, in order to fulfill our contractual obligations.
- In general, to public or other bodies, to which the Greek State has assigned tasks related to the public interest (such as Public Financial Services (DOY) and any public service, administrative, judicial, supervisory, regulatory or other Authority) when exercising their legal duties and responsibilities, to the extent that there is such obligation by law or their transmission is required in compliance with relevant provisions of law (e.g. EOF, judicial or prosecutorial authorities, etc.).
- To external partners or /and consultants to whom the Company entrusts the processing of personal data on its behalf or in the context of a specific collaboration (including legal advisors, accountants, those who provide us with technology services such as web design, hosting and support, and technical, accounting, tax and / or legal support, cloud storage services (cloud providers), storage, archiving, or/and file management companies, etc.), having signed the relevant contract for processing and protection of your data by which they undertake to keep your personal data confidential and appropriately secure.
Furthermore, it should be noted that your personal data are not transmitted to third countries (i.e. to countries outside the European Union). Also, our Company will not offer for sale or otherwise transmit or disclose your personal data to third parties, not related to it, without your consent, except for the compliance with relevant legal requirements and transmission only to the competent authorities.
Policy in Relation to Pharmacovigilance
What is Pharmacovigilance?
Pharmacovigilance (PV), as defined by the World Health Organization, is: “science and activities related to the detection, evaluation, understanding and prevention of side effects and any other drug-related problem.”.
Purpose of Collecting and Processing Personal Data on Pharmacovigilance
Ensuring patient safety and safe use of our medicines is extremely important for our Company. If you report any side effects or other Pharmacovigilance related information in relation to a product of our Company, we will need to communicate with you about the products for which you have submitted your report. More specifically, the information requested when submitting your report to the Company is necessary in order to allow further communication from the Pharmacovigilance Department for the purpose of receiving additional information from you, monitoring your case, as well as answering your questions. At the same time, the data of the recipient of the drugs are necessary to avoid multiple recording of the same incident in our database.
All information you provide under this update are strictly confidential and are intended for use exclusively by the competent health professionals/scientists of our Company with a view of meeting its Pharmacovigilance obligations. We will use or/and disclose your personal data solely for the purposes of Pharmacovigilance.
Personal Data Collected in the Context of Your Pharmacovigilance Report
Our Company collects your personal data either directly from you following your report to our company or through a third person following his/her report to our company about the side effects of one of our products that have affected you.
In particular, the personal data that we may collect for you are the following:
a) For the patients-recipients of the product that caused the side effects:
- The initials of your name
- Contact details
- Age
- Gender
- Details of the product that caused the side effects, such as the active substance it contained, the dose you received, the prescription or/and receipt ratio
- The starting and ending dates of the treatment
- The date(s) for the occurrence of the side effects
- Details (such as dose, prescription ratio, time treatment, etc.) regarding other medicines or medicinal products you may have been given at the same time and received at the time of the occurrence of side effects
- Your medical history
- Your history of taking medication and pharmaceuticals
- Other information about the incident and the occurrence of the adverse reaction.
b) For the petitioners (third parties who submitted the report):
- Full name
- Contact details (including postal and e-mail address and telephone number)
- Profession
- Your relationship to the patient – recipient of the product
Processing and Disclosure in the Context of Pharmacovigilance
In response to its legal obligations of Pharmacovigilance, our Company processes your personal data mentioned above in order to investigate and evaluate the side effects reported by you or for you relating its products. In this context, the Company may:
- re-contact you for any further necessary information,
- collect, register, organize, structure and store your personal data as foreseen in its internal,
- process your personal data submitted in the context of a report,
- referencing or combining them with other relevant reports submitted for the same product or for the same adverse effects,
- provide and promote the necessary information to the competent operators or/and third parties.
The above-mentioned personal data of yours collected by our Company may also be communicated to third parties, especially other pharmaceutical companies with which we cooperate, if the side effects report concerns one of the products that our Company trades in its cooperation with its these companies. In this case, additional information can be provided on the companies to which said data are transmitted. The processing of your personal data by these companies – partners of our Company shall take place in accordance with their respective personal data protection policies on Pharmacovigilance and their respective agreements. In addition, the relevant information is also communicated to the competent national and regional Authorities and bodies (such as the National Organization for Medicines (EOF)), in line with the existing Pharmacovigilance legislation. Our Company cannot guarantee the processing of your personal data by these Authorities and bodies.
Subject to the anonymity of the petitioner and the patient, our Company may disclose information about the reported side effects (such as case studies and summaries), for medical, public, safety or/and other reasons.
Pharmacovigilance Reporting Period
As patient safety is very important to us and your reports of any undesirable effects of our products are valuable for public health reasons, your personal data are kept in a record for as long as required under current Pharmacovigilance legislation, in order to ensure that we are in a position to evaluate the safety of our products over time.
Cookies Policy
Our Company collects the information referred to in the preceding paragraphs by using various technologies, one of which is the so-called “cookies”. This Privacy Policy explains what are cookies and how we use them on our Company’s website, i.e. the types of cookies used by the Company each time you visit our website, the information that the Company collects by using cookies, and how this information is used. More specifically:
What Are Cookies?
Cookies are small text files that a site saves on your computer or mobile terminal (tablet, smartphone, laptop) when you visit this site. This information may contain certain data such as which web pages you visited, the date and time of the visit, and a random and unique identification number of your computer. In this way, the site remembers your actions and preferences for a period of time, so you do not have to enter these preferences whenever you visit the site or browse its pages.
In general, the use of cookies requires your prior consent, with the exception of technical cookies, which are necessary for the proper functioning of a website and for the user to browse it. Without them, users may not be able to view the pages properly or use certain services.
What Cookies Are Used on Our Site and What Information Is Collected?
Our website www.faran.gr uses cookies for various purposes depending on their function:
- Absolutely necessary / Basic Cookies: The absolutely necessary cookies are essential for the proper functioning of the site, allow you to browse and use its functions, such as access to secure areas or language settings. Without them, the provision of services you have requested may not be available and, thereby, we may not be able to provide our website with effective functionality. These cookies do not recognize your individual identity.
- Functionality Cookies: These cookies help the site remember your choices, such as your username, language and region. Thus, we provide you with improved and personalized features, only if you choose to accept all cookies giving your consent for their use following appropriate information. This data may be anonymous, while there are not available when the user navigates to other websites.
How to Check Cookies?
Cookies are stored to your on your computer or device, after you learn about privacy settings. If you do not accept cookies or some of them, some of our site’ s features may not be fully available. It is at your discretion, whenever you like, to withdraw your consent or oppose the use of cookies on your computer or device, to check or/and delete cookies. You can delete cookies from the computer or device you used at any time by following each browser’ s settings (e.g. Google Chrome, Microsoft Edge). By doing so, you withdraw your consent to the use of cookies on your computer or device. You can also set up the browser you use in such a way that it either alerts you to the use of cookies on specific website services or does not allow the acceptance of cookies in any way.
Protection and Security of Your Personal Data
Recognizing the importance of the security of your personal data, we have taken all appropriate organizational and technical measures to protect your data from any form of accidental or unlawfull processing. We use the most modern and advanced methods to ensure maximum safety. In particular, the electronic systems of our Company have been developed in obedience to the principle of data minimization, so that the personal data you provide us for your navigation in them (Company’ s electronic systems) are limited to the minimum.
We also use various security measures and technologies to protect your personal data from unauthorized access, use, disclosure, alteration or destruction, in accordance with the relevant laws on protection and confidentiality of personal data such as anonymization, pseudonymization, data encryption, firewalls, data protection principles by design and by default (privacy by design and by default), and also organizational measures such as strict access policies to our systems, confidentiality commitment of the employees, staff training, periodic audits, etc. Unfortunately, no data transmission or storage system is 100% guaranteed secure.
When we share or transmit your personal data with third parties, we ensure that they keep your data confidential and implement appropriate security measures to maintain the security of your data.
Links to Third-Party Sites
The website of our Company may contain links to other third-party websites, which are operated and maintained solely by them, and which we cannot control. Our Company is in no way responsible for the privacy practices or policies of third-party websites, as it cannot guarantee the security of your browsing on them. In this context, please read carefully the respective privacy policies of the websites you visit, as they may differ significantly from ours. This privacy statement applies only to information collected from our site.
What Are Your Rights Regarding Your Personal Data?
Under GDPR (Articles 15-22) and the existing legislation, you have the following rights regarding the protection of personal data, which you can exercise, whenever you wish, by contacting us at the contact details set out below.
More specifically, you have the following rights:
- Right of access: the right to be informed, at your request, as to whether or not your personal information is being legally processed, as well as to request and receive information about the processing carried out.
- Right to data portability: the right to request and receive a copy of the personal data concerning you in a structured, commonly used and machine-readable format, so that it can be transmitted (either by you or us) to other organizations designated by you.
- Right to object: the right to object to the processing of your personal data, for each of the grounds provided in Article 6 (par. 1 point (e) and (f)) of the GDPR, and if such legitimate grounds apply, we will stop the processing.
- Right of restriction of processing: the right to restrict the processing of your personal data.
- Right to erasure/Right to be forgotten: the right to request the deletion of your personal information, provided that this deletion is not contrary to the provisions of law, and
- Right to withdraw your consent: the right to withdraw your consent to the collection, processing and use of your personal data at any time. It should be noted that any withdrawal of consent shall take effect for the future and shall not affect the lawfulness of processing based on consent before its withdrawal by you.
- Right to rectification:
- the right to request the rectification of your inaccurate personal data. This enables you to correct any incomplete or inaccurate data we retain about you,
- the right to request the completion or/and the modification of them.
In case of exercise of any of the aforementioned rights, our Company will respond without delay and no later than thirty (30) days from the receipt and identification of the relevant request. However, if your request is complex or there are a large number of requests, we will inform you within a month, if an extension (of this period) for another two (2) months will be required, within which we will respond to you.
Any request for the exercise of these rights will be assessed in accordance with applicable laws and there may be circumstances in which we have no legal obligation to comply with your request. All actions taken for requests for access, rectification, portability, deletion, objection and restriction of processing are provided free of charge.
If you wish to exercise any of the above rights you may email us to: dpo@faran.gr from the email address you have stated.
What If You Do Not Wish to Provide Us with Your Personal Data?
In cases where the collection of your personal data is based on your consent, you can always refuse to grant it. If you object to the processing of your personal data, or if you have given your consent to the processing and later you withdrew it, we will respect your choice, always in accordance with our legal obligations. This could mean that we may not be able to carry out all actions needed so that you can use the services we offer. This withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.
Contact Details
If you have any questions or requests regarding this Privacy Policy or if you wish to exercise any of the above rights, you may contact the Company’ s Data Protection Officer (DPO), by using the following contact details:
Email address: dpo@faran.gr
Telephone: +30.210 36 40 707
Postal address: 32 Akadimias Street, Athens 10672
Right to Lodge a Complaint to the Hellenic Data Protection Authority
If your issue is not resolved, you can lodge a complaint with the Hellenic Data Protection Authority. On the relevant website of the abovementioned Authority, you will find information on how to lodge a complaint: http://www.dpa.gr
How Will you Be Notified of any Amendments to this Policy?
We update the present Privacy Policy whenever necessary. In the event of substantial changes to this Privacy Policy or the way we use your personal data, we will post an update to this on our site, before the changes take effect and we will notify you in any appropriate way. We encourage you to check regularly this Policy, so as to know how your data are protected.
Last updated: 17th May 2021