Vianex

PHARMACEUTICAL COMPANY Member of the Giannakopoulos Group

VIANEX S.A. Privacy Notice

Date last updated: March 2025

For us at VIANEX S.A. (hereinafter the "Company" and "we") the communication with you and the information we can provide you with is of particular importance.

Contents

This Privacy Notice describes:

  1. Who is the Data Controller of your personal data
  2. Which personal data we collect and the purposes of processing
  3. How we use your personal data
  4. On which legal basis we rely on when we process your personal data
  5. How long we keep your personal data or the criteria that determine that period
  6. With whom we may share your personal data
  7. When we make automated decisions and profiling
  8. How we protect your personal data
  9. What rights you have regarding your personal data
  10. What happens if you don't want to provide us with your personal data
  11. Contact information
  12. Right to submit a complaint to the supervisory authority

 

  1. Who is the Data Controller of your personal data

The Company with the name "VIANEX S.A. Commercial-Industrial-Tourist-Hotel and Shipping Company" with designated title "VIANEX S.A.", which has its registered office at 8 Varibobi Street, 146 71, Nea Erythraia, with Business Registration Number (GEMI) 000274201000, is, according to the applicable legislation, the Data Controller of your personal data in the context of this Privacy Notice.

  1. Which personal data we collect and the purposes of processing

Personal data is the data that can be used to identify or communicate with a natural person, as well as  other details that relate to them and can be used for identification.

The Company collects personal information of visitors/users of the website, only when they themselves voluntarily provide it for the provision of the services that are available online. It also collects and processes personal data from other sources which it legally obtains and is allowed to process.

The Company collects and process personal data of:

Health Care Professionals (HCP) such as:

  • Full name, Social Security Number, Job title, Specialization, Employer, number of participations and documentation for participation in Scientific Events, for completion of the participation and hosting in Scientific Events in accordance with the circulars of the National Organization for Medicines (EOF) and other National regulatory authorities.
  • Full name, address, specialization, e-mail, mobile phone number for the direct sending of promotional information (newsletters) upon notice and consent.
  • Full name, mobile phone number to provide medical information about products, manage complaints and report adverse events in the framework of Pharmacovigilance in accordance with legal obligations and following notice and consent.
  • Full name, VAT number, address, e-mail, mobile phone number for order management and invoicing (pharmacists) in order to be able to execute the contract and comply with tax obligations.
  • Full name, Specialization, Job title, Institution from publicly accessible sources (such as decisions of the Ministry of Health or EOF for the appointment of members to committees related to Human Medicines) for documentation purposes in accordance with legal obligations to prevent and combat corruption.
  • Full name, telephone number, Specialization, Job title, Institution, address, number of visits by our Company's sales representatives and by personal data base management companies for the planning of product marketing and optimization of medical information services upon notice and consent where required.
  • Full name, Specialization, Employer, address, transfer of value amount   , for the disclosure of transfers of value from VIANEX to Health Care Professionals and the fulfillment of disclosure obligations.
  • Bank account number (IBAN) for payment of goods or services.
  • Full name, Specialization, Job title, Institution, address from personal data base management companies to update the data of HCPs and ensure their accuracy during our assessment for legal obligations but also for the purposes of documenting the legitimate interest in fighting corruption during our third party assessment.
  • Full name, address from personal data base management companies who have obtain HCPs consent for the purpose of legal compliance of pharmaceutical companies (third parties), such as with European Union regulations and foreign US laws, relating to restrictive measures (sanctions) imposed on countries, governments, entities and individuals.

Consumers such as:

  • Full name, telephone number, description of complaint, for complaint management  upon notice and consent.
  • Full name, Job title, telephone number for the provision of medical information upon notice and consent.
  • Full name, telephone number, name of Medicinal Product/indication-description of adverse effect, age, gender, weight, height, date of birth for reporting adverse effects in the framework of Pharmacovigilance in accordance with legal obligations and after notice and consent.
  • Full name, phone number, email and shipping address of the gift in order to participate in our consumer and other non-prescription products contests on social media after notice and consent.
  • Full name and e-mail address of social media users who respond to advertising campaigns and choose to subscribe to our non-prescription products newsletter after notice and consent.

Visitors to the Website, such as:

  • your IP address and the pages you visited before and after you visited this website, information you searched for on the websites, when and for how long you visited the websites and the time you spent on those pages, the website that referred you to the website, information about your device, such as the unique device identification number, device model, operating system and version, and your mobile network information, for statistical purposes.
  • Full name, address, date of birth, telephone number, identity card information, collected in order to exercise your rights.
  • Information contained in the resume, from prospective employees only if you choose to give it to us, upon notice and consent.
  • Information provided when communicating with the  Helpline for Complaints (such as first name, last name, email, telephone number, and any other information provided when you are using  this communication channel)  and submission of reports.

Visitors to the Company's facilities, such as:

  • Video recording data, which is collected by closed circuit television (CCTV).
  • Entry/exit recording data at the Company's facilities, for the protection and security of natural persons, goods and facilities.

Suppliers and potential counterparties of the Company, such as:

  • Identification and contact information (full name, address, VAT number, IBAN) for order management and invoicing , e-invoicing,  and to be able to perform the contract and comply with tax obligations.
  • Identification and contact data (Name, address, VAT number, Means of Transport Number, Name of Other Associated Entities such as Sender, Third Party Sender, Carrier, Recipient, Third Party Recipient) for the digital issuance of goods movement documents in order to be able to perform the contract and comply with tax obligations.
  • Data for the due diligence assessment required by the provisions of national and foreign legislation   for transparency and prevention of Corruption and Bribery (Full name of owners, partners, shareholders, members of the management, executives, Position title, status of public servant or government employee/official).
  • Name, address through the third-party due diligence assessment process for the purpose of the company's legal compliance with European Union regulations and foreign US laws, relating to restrictive measures (sanctions) imposed on countries, governments, entities and individuals.
  1. How we use your personal data

In addition to those mentioned above, we may use your personal data for the following processing purposes:

  • To provide you with information and services, provided we have your consent such as:
  • Participation/registration in the context of Scientific Events,
  • Providing medical information about the Company's products
  • Online events updates
  • Sending promotional/informative, advertising programs of the Company
  • Sending press releases
  • Employment ads
  • Communication with website visitors

To meet our legal obligations, including:

  • to comply with applicable legislation, regulations and directives (e.g. tax legislation, obligations under EOF, etc.)
  • to comply with requests or orders from regulatory, governmental, judicial and other authorities;
  • to investigate and take action against any illegal or harmful behavior by users;

To improve our daily operations:

  • to improve our products, services, and communications to you, and to optimize our medical representatives information services.
  • (where applicable) to ensure that we have your up-to-date contact details.

Finally, the Company  process part or all of the information sent by visitors/users for statistical purposes and to improve the services provided - information provided through the website.

  1. On which legal basis we rely on when we process your personal data

The Company is committed to processing your personal data in a transparent manner, complying with the principles of lawfulness and confidentiality. We therefore process personal data for one or more of the following purposes:

For legitimate business purposes within our legitimate interests: We use your personal data to make our communication with you more targeted and personalized and to create effective and efficient communication and provision of information in relation to our products and services. Also, the data we collect help us improve our business, minimizing any problems with the services we may offer you. Finally, our Company can use your personal data to establish and defend its interests.

To perform a contract to which you are a party: We may need to process your personal data to provide a product or service that you already have or have requested from us. The purpose of processing personal data depends on the requirements for each product or service and the contractual terms and conditions provide more details about the relevant purposes.

To comply with our legal obligations: It is important for us to comply with the requirements of national and EU laws, regulations and circulars (e.g. medicinal products legislation, tax legislation, etc.).

You have given your consent: Occasionally we  need your consent in order to use your personal data for one or more of the purposes described above. In all such cases, you reserve the right to withdraw your consent at any time. However, in this case, any processing of personal data carried out before the receipt of your withdrawal statement is not affected.

  1. How long we keep your personal data or the criteria that determine that period

We will retain your personal data for as long as we maintain any business or other relationship with you.

Criteria taken into account when determining the data retention period:

  • The nature of the data
  • The purpose of processing
  • The legal and regulatory requirements as applicable in the industry in which the Company operates
  • The value of the data for the Company
  • The risks for the Company and the data subjects that  arise from their retention
  • The possible obligations of the Company that  result from their retention
  • The retention period of your data also depends on: (i) the requirements of the law [e.g. tax legislation, Pharmacovigilance (PV) data retention requirements], (ii) the nature and requirements of our relationship with you.

In the event that the necessary retention period for your data has passed, they will be deleted from the Company's databases, unless their further retention is required by the need to comply with a relevant legal provision or the Company's contractual obligation.

  1. With whom we may share your personal data

Within the Company, your data is received only by the individuals and departments that need it to fulfill their contractual and legal obligations and in the context of cooperation, service needs, etc. These individuals are specifically authorized by the Company for this purpose.

We may share your personal data with the following third parties when fulfilling our contractual, legal, regulatory obligations:

  • To companies that belong to the same group of companies as the Company, in the context of exercising their responsibilities.
  • In domestic or foreign Companies with which the Company cooperates in the context of inspections, based on a written agreement that always ensures the protection of your personal data in order to fulfill our contractual obligations.
  • More generally, to public bodies, or to other bodies, to which the Greek Public Sector has assigned tasks related to the public interest (such as Public Financial Services and any Public Service, administrative, judicial, supervisory, regulatory or other Authority) in the context of the exercise of their legal duties and responsibilities, to the extent that there is an obligation by law or their transmission is required due to compliance with relevant provisions of the law (e.g. EOF and the judicial authorities)   
  • To your bank in order to make the transaction
  • In Insurance Companies in case of debt claims
  • To third parties in case of foreclosures and trustees in case of bankruptcy.
  • To external partners and/or consultants to whom the Company assigns the processing of personal data on its behalf or in the context of a specific collaboration (incl. to legal advisors, accountants, conference companies and travel agencies, to those who provide us with technology services such as data analysis, creation, hosting and support of websites, and technical, accounting, tax and/or legal support, support services, data storage/processing systems in the  cloud ("cloud providers"), storage, archiving, and/or file management companies, etc.), having signed a relevant contract for the processing and protection of your data.
  • To auditing companies, to safeguard the legitimate interests of the Company and the performance of our contractual obligation.

Your personal data is not transferred to third countries [i.e. in countries outside the European Economic Area], except when you have given us your written consent, or the transfer is required by law  . The personal data protection laws in those countries, to which your personal data is transferred, may not be equivalent to, or not provide the same degree of protection as, the laws in force in Greece or the EU. Our Company, in this case, ensures that the controllers or processors in third countries comply with European data protection standards and provide appropriate safeguards in relation to the transfer of your data in accordance with Article 46 of the GDPR.

The Company will not make available for sale or otherwise transfer or disclose your personal information to third parties, which are not related to it, without your consent with the exception of compliance with relevant legal dictates and the transfer to the competent authorities only.

  1. When we make automated decisions and profiling

In creating and conducting a business activity we do not exclusively use automated decision-making process.

We  process some of your personal data, and proceed with the creation of a profile for the purpose of targeting marketing and sales promotion activities, but without this being carried out exclusively by automated means and/or taking an automated decision on such basis thereof.

In any case, if we proceed with automated decision-making with profiling in the future we will first obtain your explicit consent.

  1. How we protect your personal data

Our Company takes appropriate technical and organizational measures for the protection and security of your personal data. Our Company's information systems have been developed in complying with the principle of data minimization, so that the personal data you provide us for your navigation is limited to a minimum.

We use various security measures and technologies to protect your personal data from unauthorized access, use, disclosure, alteration or destruction, in accordance with relevant personal data protection and privacy laws such as anonymization, pseudonymization, data encryption, firewalls, principles of data protection  by design and by default (privacy by design and by default) but also organizational measures such as strict systems access policies, employee confidentiality commitments, staff training, periodic audits, etc. Unfortunately, no data transmission or storage system is 100% guaranteed to be secure.

When we share or transfer your personal data with third parties, we ensure that they keep your data confidential and implement appropriate security measures to keep your data secure.

Use of websites not owned or controlled by us (Links)-Third Party Services:

The website may provide access to websites of third parties (natural or legal persons) through appropriate links. These links have been placed exclusively for the convenience of visitors/users of the website, while the websites to which they refer are subject to the respective terms of use of these websites.

The inclusion of links does not imply approval or acceptance of the content of the respective websites by the website operator, who is not responsible for their content or the privacy practices or accuracy of the materials contained therein. If the visitor/user of the website decides to use, through its links, one of the websites of third parties, he accepts that he does so at his own risk.

  1. What rights you have regarding your personal data

Your rights regarding your personal data

Data subjects  have the rights deriving from the GDPR (Articles 15-22) and the applicable legal framework.

In particular, you have the following rights:

the right of access, i.e. the right to be informed, upon your request, whether or not your personal data is being processed lawfully, as well as to request and receive information about the processing being carried out.

the right to request:

  • correcting your inaccurate personal data; This enables you to correct any incomplete or inaccurate data we hold about you;
  • the completion, and/or,
  • limitation of them,
  • the right to request to receive a copy of your personal data in a structured, commonly used and machine-readable format, in order for that data to be transmitted (either by you or by us) to other organizations that you name (known as the right to data portability).
  • the right to object to the processing of your personal data (known as the “right to object”), including profiling;
  • the right to restrict the processing of your personal data
  • the right to request the deletion of your personal data, (known as the "right to be forgotten") provided that this (deletion) does not contravene the provisions of the law, and
  • the right to withdraw the consent you have given us regarding the processing of your personal data at any time. Please note that any withdrawal of consent does not affect the lawfulness of the processing that was based on the consent before it was withdrawn by you.

In case of exercising the above rights, the relevant user requests will also be forwarded to any third party recipients to whom they were communicated/forwarded, as above.

In case of exercising any of the above-mentioned rights, the Company must respond without delay and no later than within 30 days from the receipt and identification of the relevant request. If your request is particularly complex, we may need to extend this period to 2 months. For this extension, the Company must inform you within one month of receiving the request as well as the reasons for the delay.

Any request to exercise these rights will be assessed in accordance with applicable laws  we will examine  if we can satisfy   your request. All actions taken on requests for access to rectification, portability, erasure, objection and restriction of processing are provided free of charge. The Company may charge you the administrative costs of handling a request that is manifestly unfounded or excessive due to its repetitive nature or reject requests when they compromise the privacy of others.

For more information, see here the relevant Application to VIANEX S.A., for Exercising the Rights of Data Subjects.

  1. What happens if you don't want to provide us with your personal data

In cases where the collection of your personal data is based on your consent, you can always refuse to give it. If you object to the processing of your personal data, or if you have provided your consent to the processing and later withdraw it, we will respect your choice, always in accordance with our legal obligations. This could mean that we may not be able to carry out the actions required for you to use the services we offer. This withdrawal does not affect the lawfulness of the processing based on consent before its withdrawal.

  1. Contact information

If you have any questions or requests regarding this Privacy Notice or if you wish to exercise your rights, please contact the Company's Data Protection Officer (DPO), using the following contact details:

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Postal Address: 8 Varibobi, Nea Erythraia, 146 71, Kifisia, Greece

  1. Right to submit a complaint to the supervisory authority

In case your issue is not resolved, you can file a complaint to the national Data Protection Authority (DPA). On its website you will find information on how to submit complaints: http://www.dpa.gr