Privacy policy

GENESIS PHARMA S.A. PRIVACY POLICY

MAY 13, 2024

GENESIS PHARMA S.A. (the “Company”) is dedicated to safeguarding your privacy and managing your personal data in a proportional, transparent, and accountable manner. This PRIVACY POLICY explains how the Company collects, uses, and processes your personal data and informs you of your rights under national law (Law 4624/2019) and the EU General Data Protection Regulation (GDPR) 2016/679. It is intended for natural persons who are current or potential collaborators of the Company, individuals who have or have had a business or employment relationship with the Company, and anyone who voluntarily provides data or communicates with the Company through any means.


1. GENESIS PHARMA S.A.


The Company has operated in the field of pharmaceutical biotechnology since 1997, specializing in the promotion, distribution, and sale of biopharmaceutical products.

Head Office – Registered Address:
GENESIS PHARMA S.A.
270 Kifissias Avenue, 15232
Chalandri – Athens, Greece
Tel: +30 210 877 1500
Fax: +30 210 689 3877
www.genesispharma.com


2. Scope of the Privacy Policy


This Privacy Policy applies to the Company, its affiliated entity GENESIS Pharma (Cyprus) Ltd, and the following subsidiaries of GENESIS Pharma (Cyprus) Ltd:

GENESIS PHARMA (CYPRUS) LTD
Consulco Building, 73 Metochiou Street – 2nd & 3rd Floor, 2407 Engomi, P.O.Box 23638, 1684 Nicosia, Cyprus

GENESIS BIOPHARMA ROMANIA SRL
Calea 13 Septembrie 90, sector 5, Office No. 1.04 - 1st Floor, 050726 Bucharest, Romania

GENESIS PHARMA BULGARIA EOOD
INTERPRED - World Trade Center Sofia 36, Dragan Tsankov Blvd, Office 702, 7th Floor, 1040 Sofia, Bulgaria

GENESIS PHARMA ADRIATIC D.O.O
Samoborska cesta 266, 10000 Zagreb, Croatia

GENESIS BIOPHARMA SL D.O.O.
Savska cesta 10, 1000 Ljubljana, Slovenia

GENESIS BIOPHARMA DOOEL SKOPJE
Blvd. 8th September 15, Mezzanine Office 6 (Hotel Aleksandar Palace), 1000 Skopje, North Macedonia

GENESIS BIOPHARMA DOO BEOGRAD
GTC 19 Avenue, Vladimira Popovica 38-40, 1st Floor, 11070 Belgrade, Serbia

GENESIS BIOPHARMA POLAND SP. Z.O.O.
Rondo Daszyńskiego 2B Street, 00-843 Warszawa, Poland

GENESIS BIOPHARMA SLOVAKIA S.R.O.
Dvořákovo nábrežie 4, 811 02 Bratislava-Staré Mesto, Slovakia

GENESIS BIOPHARMA HUNGARY KFT
Népfürdő utca 22., Building B, 13th Floor, 1138 Budapest, Hungary

GENESIS BIOPHARMA CZECH REPUBLIC S.R.O.
Kateřinská 466/40, Nové Město, 120 00 Prague, Czech Republic


3. Collection and Processing of Personal Data


We collect and process various types of personal data. Personal data refers to any information that can identify you directly or, when combined with other information, indirectly as an individual. This may include, but is not limited to, details such as your full name, Tax Identification Number (TIN), Social Security Number, physical and electronic addresses, landline and mobile phone numbers, email addresses, and any other information that allows your identification, in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), applicable Greek legislation, and decisions issued by the Hellenic Data Protection Authority (HDPA).

We collect only the minimum personal data necessary for the performance of specific processing activities. This data is gathered directly from employees, current and potential collaborators, and clients, as well as through third parties who provide us with access to such information after securing the consent of the data subjects.

Additionally, we may collect and process personal data from publicly available sources, such as healthcare professional directories, association member lists, media platforms, and the internet, provided the data is lawfully obtained and permitted for processing.


4. Personal Data of Minors


We do not collect personal data for individuals under the age of 18 for business purposes. Personal data related to minors is collected solely for the purpose of insuring dependents of employees and providing additional benefits. Such data is collected only after obtaining explicit consent from their parents or legal guardians.


5. Purpose and Legal Basis for Processing Your Personal Data


As outlined above, we are committed to safeguarding your privacy and managing your data in a transparent and responsible manner. Accordingly, we process your personal data in compliance with the GDPR and applicable national data protection laws for one or more of the following purposes:

A. For the Performance of a Contract

We process personal data as part of the Company’s business activities to meet the requirements of various contracts. These may include, but are not limited to, contracts for the distribution of pharmaceutical products, procurement of goods and services, service or project agreements, contracts with contracting authorities, and employment agreements. The specific purpose of processing personal data is determined by the requirements of each individual contract.

B. For Compliance with Legal or Regulatory Obligations

We process personal data to comply with certain legal obligations imposed by applicable laws and regulatory requirements. For instance, Article 31(3) of Law 1316/83 stipulates that "The organization or funding of conferences, seminars, or any equivalent means of communication may only be permitted with prior approval from the EOF (National Organization for Medicines)."

C. For the Protection of Legitimate Interests

We process personal data to protect the legitimate interests of the Company or third parties. A legitimate interest exists when there is a business or commercial purpose for using your information, provided such use is necessary, reasonable, and lawful. Examples of such processing activities include:
· Implementing systems and procedures to ensure the security and proper functioning of the Company’s IT infrastructure, prevent potential criminal activities, safeguard assets, manage access controls, and enforce measures against violations.
· Installing surveillance systems (CCTV cameras), such as at facility entrances, to deter criminal acts or vandalism.
· Managing operational activities and supporting the development of new products and services.
· Sharing or verifying your personal data within the Company to update or confirm its accuracy in compliance with regulatory frameworks.
· Managing risk within the Company.
· Handling legal claims and preparing for defence in litigation.

D. Based on Your Consent


Where you have explicitly granted consent for specific processing activities, the lawfulness of such processing relies on your consent. You retain the right to withdraw your consent at any time. However, any processing conducted prior to the receipt of your withdrawal will remain valid and unaffected.


6. Who Are the Recipients of Your Personal Data


In fulfilling our contractual, legal, and regulatory obligations, as well as those of the companies within the GENESIS Pharma (Cyprus) Ltd group, your personal data may be shared internally or within the group with relevant departments. Additionally, various service providers and external contractors (suppliers) may also receive your personal data to ensure compliance with our legal and contractual obligations. These recipients are contractually bound to the Company to maintain confidentiality and protect data in accordance with local data protection laws and the GDPR.

It is important to note that we may disclose data about you for any of the reasons mentioned above, when required by law, or when you have provided your consent. All processors appointed by us to handle personal data on our behalf are contractually obligated to comply with the provisions of the GDPR. Under these circumstances, the recipients of personal data may include, but are not limited to:
· Supervisory, regulatory, and public authorities, as required by law. Examples include the EOF (National Organization for Medicines) and law enforcement agencies.
· Credit and financial institutions for payment processing
· External legal advisors
· Financial and business consultants
· Auditors and accountants
· Travel agencies
· Conference organizing agencies
· Companies providing storage, archiving and/or records management services
· Cloud storage and processing providers
· Website development and support companies
· Clinical Research Organizations (CROs)
· Healthcare service providers


7. Transfer of Personal Data Outside the EEA


Your personal data may be transferred to third countries (i.e., countries outside the European Economic Area) to affiliated companies, service providers, or as part of collaborations with external organizations whose products we distribute, or with your explicit consent. In such cases, the Company ensures the implementation of adequate safeguards, such as entering into European Standard Contractual Clauses, to guarantee compliance with data protection standards equivalent to those of the European Union.


8. Automated Decision-Making and Profiling


As a general practice, we do not use automated decision-making processes in the course of professional activities. However, certain data may be automatically processed to assess specific aspects (limited profiling) for the purpose of entering into or performing a contract with you. Examples of such cases include:
· Invitations to conferences and scientific events
· Selection based on expertise for the introduction of new pharmaceutical products to the market
· Selection for invitations to participate in Medical Advisory Boards organized by external organizations with which the Company collaborates
  

9. Marketing Activities and Profiling for such Activities


We may process your personal data to inform you about products, services, and offers that may be of interest to you. The personal data we process for this purpose includes information you provide to us, as well as data we collect and/or infer from your interactions with our products and services, such as details of our collaboration. We use this information to form an understanding of your potential needs or interests. In certain cases, limited profiling may be used, meaning your data is automatically processed to assess specific personal attributes. This allows us to provide you with tailored scientific information, education, or marketing about our products and services.

We will promote our products and services to you only if we have your explicit consent or, in certain cases, if we determine that we have a legitimate interest in doing so.

You have the right to object at any time to the processing of your personal data for marketing purposes, including profiling. You can exercise this right by contacting the Company at any time, either in person or in writing.


10. How Long We Retain Your Personal Information


We retain your personal data for as long as we maintain a business, educational, or other relationship with you (either directly or in connection with transactions involving a legal entity you are authorized to represent).

After our business relationship ends, we may retain your data for up to ten (10) years in accordance with:
· Pharmacovigilance (PhV) data retention requirements
· Tax record retention obligations
· Regulatory compliance requirements
· Employee record retention policies

In some cases, we may retain your data for more than 10 years if legal or regulatory obligations prevent its deletion.


11. Personal Data Security


We understand the importance of protecting your privacy and personal information. To safeguard your data, we employ robust technical measures such as anonymization, pseudonymization, data encryption, firewalls, and privacy by design and by default. In addition, we implement organizational measures, including: strict access control policies, employee confidentiality agreements, comprehensive staff training programs, and regular audits of our systems and processes. All Company employees with access to your data use it solely for the purposes outlined in this policy. The information you provide is shared exclusively in the ways described in this Privacy Policy.


12. Your Rights


You have the following rights concerning the personal data we hold about you:
1. You have the right to access your personal data. This allows you, for example, to receive a copy of the personal data we hold about you and to verify that we are processing it lawfully. To request a copy, please contact us at dpo@genesispharma.com.
2. You have the right to request the correction of any incomplete or inaccurate personal data we hold about you.
3. You have the right to request the deletion of your personal data when there is no legal basis for us to continue processing it.
4. You have the right to object to the processing of your personal data when we rely on a legitimate interest, and something specific about your situation makes you want to object. If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
5. You have the right to object to the processing of your personal data for direct marketing purposes, including profiling related to such marketing. If you object to processing for direct marketing purposes, we will cease processing your personal data for these purposes.
6. You have the right to request that we restrict the processing of your personal data, meaning we will only use it in specific cases, if:
   1) the data is inaccurate,
   2) the data has been used unlawfully, but you prefer it not to be deleted,
   3) the data is no longer required by us, but you wish to retain it for potential legal claims,
   4) you have requested that we stop using your personal data while waiting for confirmation of whether we have overriding legitimate grounds to continue processing it.
7. You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format, allowing you to transfer the data to another organization. Additionally, you can request that we transfer your personal data directly to another organization of your choice [known as the right to data portability].
8. You have the right to withdraw the consent you previously provided to us for processing your personal data at any time. Please note that withdrawing your consent does not affect the lawfulness of processing carried out based on your consent before its withdrawal.

To exercise any of your rights or if you have any questions regarding our use of your personal data, please contact the Company at dpo@genesispharma.com. You may also reach out to the Company’s Data Protection Officer, Mr. Charalambos Kamarinopoulos, via email at dpo@genesispharma.com or by phone at +30 210 87 71 637.


13. Right to File a Complaint


If you have exercised one or more of your data protection rights and feel that your concerns regarding the use of your personal data have not been satisfactorily addressed by us, you have the right to file a complaint by emailing us at dpo@genesispharma.com. Additionally, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA). For more information on how to file a complaint, please visit their website: https://www.dpa.gr/el/polites/katagelia_stin_arxi.


14. Changes to This Privacy Policy


We may occasionally update or modify this Privacy Policy. Any updates will be published on our website at www.genesispharma.com. The revised Privacy Policy will include the corresponding revision date at the end of the document. We encourage you to review this Policy periodically to stay informed about how we process and protect your personal information.


15. Cookies


Our website uses small files, known as “cookies,” to enhance functionality and improve your user experience. A cookie is stored in your browser and allows the website or a third party to recognize your device. You have the option to delete cookies or decline their use.

However, if you choose to delete or decline cookies, certain features of our website may no longer function properly, you may be unable to save your preferences, and some pages may not display correctly. For more information about how we use cookies, please refer to our Cookie Policy.