Privacy Policy
Last update: 31/09/2022
1. General
The company “GENEPHARM S.A.”, registered in Marathon Avenue (18th km), Pallini, Attica, with VAT number 094032163 (hereinafter the “GENEPHARM S.A.”, “Company”, “we”, “us” etc..) respects and protects your privacy and your personal data. This privacy policy (hereinafter the “Privacy Policy”) is applied when you use the website https://www.genepharm.com/ owned by the Company (hereinafter the “Website”)
For the purposes of this Privacy Policy, our Company is acting as a Data Controller in accordance with Article 4 para. 7 GDPR
2. Legal framework
2.1. Your personal data are processed in accordance with the provisions of the General Data Protection Regulation under no. 2016/679 (hereinafter the “GDPR”), the Law under no. 4624/2019, which integrates the GDPR in the Greek legal order without prejudice to any specific national and European legislation regarding certain sectors as well as in accordance with the provisions of the protection of personal data and private life in the sector of electronic communications (Greek Law under no. 3471/2006, as applicable) and the decisions of the Hellenic Data Protection Authority (hereinafter the “HDPA”).
2.2. This Privacy Policy describes the conditions of collection, storage and use by our Company of your personal data and your information and allows you to be informed about the origin and use of browsing information collected by Cookies, as well as the way that you can exercise your rights under applicable law.
3. What does the term personal data mean, which personal data do we collect and how do we collect them
3.1. The personal data are information of either individuals or professionals that can be used to identify an identified or identifiable natural person. Different information which, if combined, may lead to the identification of a specific person is also personal data. The personal data that are provided by the user of the Website are referred in the table below (hereinafter the “Personal Data”). The first column indicates the type of the collected Personal Data and the second the method that they are collected:
|
Personal Data
|
Collection Method
|
|
· First Name
· Last Name
· Telephone number
· E-mail
|
Through the contact form available on the Website, under the "COMMUNICATION" tab.
|
3.2. Moreover, in some cases, our Company may collect data via automated means. For these, we kindly refer to the @Cookies Policy.
3.3. It is noted that our Company does not collect in any way special categories of personal data, such as data related to racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data for indisputable identification of a natural person, data concerning health, data concerning sex life or sexual orientation.
3.4. Our Company does not keep or process personal data of minors. If you are less than 16 years of age, you'll need to get your parent's consent before registering for the Website's services. If we find that we have collected Personal Data from a child under the age of 16 without the above condition applying, we will delete that data as soon as possible.
3.5. You are not obliged to provide your Personal Data to our Company. However, if you do not provide all or some of the requested information, we may not be able to provide you with certain services or information.
4. Which is the legal basis and use of the Personal Data that we collect?
4.1. We collect the Personal Data whether there is a legal basis in accordance with Art. 6 GDPR.
4.2. Personal Data are collected only when it is (a) necessary to provide you with our services (Art. 6 para. 1b GDPR), (b) necessary for our legitimate interest (Art. 6 para. 1e GDPR), and/or (c) necessary for compliance with our legal obligations (Art. 6 para. 1c GDPR). Additionally, legal basis for the processing of Personal Data by our Company is the express, clear and free consent of the user - e.g., in case of subscription to the newsletter (Art. 6 para. 1a GDPR).
4.3. We will use your Personal Data for the purposes for which we collected them, unless we reasonably believe that we need to use them for another reason that is compatible with the initial purpose. If you would like to receive clarifications on whether the processing for the new purpose is compatible with the initial purpose, kindly contact us. If we need to use your Personal Data for a different purpose, we will notify you in order to obtain your written consent to do so or to explain the legal basis that allows us to carry out such action.
4.4. We do not use your Personal Data for profiling. Profiling is any form of automated processing of personal data, through which personal data are used for the purpose of evaluating specific personal characteristics associated with a person, including, but not limited to, financial situation, health, personal preferences, interests, credibility, conduct, location or movements of that natural person.
4.5. The Company may transfer, on a reasonable scale, Personal Data that are collected and processed legally, in the event that any corporate transformation takes place in the future, that will result in the change of its control, such as acquisition, merger, restructuring or any transfer of a totality of the assets, or part thereof, or business. The Company will inform the natural persons, whose Personal Data are processed, regarding the transfer of their personal data by any means, within a reasonable period of time. In cases that the processing of collected Personal Data requires the legal basis of consent (Art. 6 para. 1a GDPR), then, our Company will request the consent of the natural persons again, in order to transfer such Personal Data, in accordance with current legal framework.
5. How long can your Personal Data be stored?
5.1. As general rule, your Personal Data will be stored for as long as it is absolutely necessary for the purposes that it is collected. Criteria, used to determine the retention period, include:
• the duration that we have an ongoing relationship with you and provide you with the services of the Website, or
• if there is a legal obligation with which we must comply, such as tax obligations or security reasons of our business activity, or
• if retention depends on our legal position (such as regarding the enforcement of the Terms of Use, applicable statutes of limitations, litigation, or regulatory investigations).
6. With whom does our Company share your Personal Data?
6.1. Recipients of your Personal Data are the necessary staff of our Company, who are committed to maintaining confidentiality. Our Company is cooperating with other companies in order to provide its services. Specifically, it cooperates with technology service providers, who gain access to all Personal Data that are strictly necessary for their activity, which, among others, includes: your best support/ service, the functional and the computerized organization of the Website, the optimizing of our services and our products etc.
6.2. Our Company, and all the companies, which we cooperate with, ensure the necessary level of protection according to GDPR, applying the necessary technical and organizational measures for the protection of your data.
6.3. Your Personal Data are not transferred outside the European Union.
7. Data Security
7.1. We are committed to safeguard your Personal Data.
7.2. Our Company recognizes the importance of the security of your Personal Data, so it has taken all the appropriate technical and organizational measures for the security and the protection of your Personal Data against any form of accidental or unlawful processing. Our Company uses the most state-of-the-art and advanced methods, in order to ensure the maximum possible safety [πρωτόκολλο SSL: Sectigo RSA Domain Validation Secure Server CA, SHA-256 Fingerprint, SHA-1 Fingerprint]. These measures are reviewed and modified when it is necessary.
7.3. These measures are reviewed and amended by our Company when and where deemed necessary.
8. Data Breach
8.1. In the case of a Personal Data breach, our Company notifies without undue delay, not later than 72 hours after having become aware of it, the HDPA, unless the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
8.2. When the Personal Data breach is likely to result in a high risk to the rights and freedoms of the natural persons, our Company will communicate the Personal Data breach to the data subject without undue delay.
9. Which are your rights?
9.1. Right to access
You have the right to obtain access and share your Personal Data. Before we answer to your request, we are obliged to verify your identity. Our Company may ask you to provide additional information in order to respond to your request. We undertake the obligation to respond to your request as soon as possible.
9.2. Right to correction of your Personal Data
You can also request the correction of your Personal Data, which may be incorrect. Depending on the type of the processing, you can also request the completion of your Personal Data, collected by our Company.
9.3. Right to withdraw your consent with regards to the processing of your Personal Data
Where the process of your Personal Data is based on your consent (use of cookies and related technologies on the Website), you have the right to withdraw your consent anytime.
You can exercise this right by changing the subscription options in the newsletter and by withdrawing your consent regarding direct marketing and specific types of Cookies.
9.4. Right to erasure (‘right to be forgotten’)
You can also request the erasure of your Personal Data in the cases that are indicatively mentioned below:
• In case that you consider that the process of your Personal Data is no longer necessary, given that you do not longer use the Website and the services of our Company or/and that the purposes that are referred to this Privacy Policy or the retention of your Personal Data by our Company is against the Law.
• In case that you have withdrawn your consent for the process of your Personal Data (kindly see above).
• In case that you disagree with the processing of your Personal Data for reasons related to your personal situation.
9.5. Right to Personal Data portability
You can request the portability of your Personal Data to you or to any third party. In that case, we will provide to you, or the third party indicated by you, your Personal Data in a structured commonly readable machine format.
9.6. Alternatively, within the limits of the Law, you can exercise the right to restriction of processing of your Personal Data
Kindly note that despite your right to erasure or restriction, our Company may keep some of your Personal Data, when it is required by law or when it has a legitimate reason to do so (for example, to prove the performance of a contract) or the defense of the rights in the court or when the exercise of this right is likely to result in breach of the right of freedom of expression and information. For example, this could happen if you breach the @Terms of Use.
9.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data concerning you which is based Art. 6 para. 1e GDPR - duty performed in terms of public interest, or Art. 6 para. 1f GDPR - existence of legitimate interest, including profiling, subject to Art. 21 para. 6 GDPR.
To exercise the above rights, kindly communicate with us as it is referred in clause 10 “How you can communicate with us”.
9.8. Right to communicate with the Data Protection Authority
In any case, if you think that the security of your Personal Data is threatened, you have the right to file a complaint with the HDPA (if you live within European Union with the corresponding competent Authority) using the following contact details:
Website: www.dpa.gr/ Address: 1-3 Kifissias Ave., P.C. 115 23, Athens/ Telephone: 210 6475600/ Fax: 2106475628/ Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
10. How do you communicate with our Company?
If you have any questions or observations regarding this Privacy Policy, you can contact us:
a) In writing: to our Company address: Marathon Avenue (18th km), Pallini, Attica,
b) By phone: +30 2106039336- For quality control purposes, your call may be recorded and
c) By email: This email address is being protected from spambots. You need JavaScript enabled to view it.
11. Modification of the Privacy Policy
Our Company may occasionally modify this Privacy Policy. In that case, our Company will inform you by changing the date at the top of this Privacy Policy. We encourage you to read this Privacy Policy when you interact with us so that you become aware of the personal data protection practices of our Company and the ways you can control the use of Personal Data and the protection of your privacy.
