PHAROS

Personal Data Privacy Policy

A. General Information

This Personal Data Privacy Policy (the “Policy”) describes the conditions, purposes and ways in which we collect, process and store information about individual persons communicated via our website (www.pharosgr.gr). This Policy applies only to information gathered by our company, PharOS – Pharmaceutical Oriented Services Limited, from online resources that display a link to this Policy and not from any other source. We reserve the right to update/amend this Policy at any time. It is our intention to post any such updates/amendments on this page so that you are fully informed concerning the types of information we are gathering, how we use it, and under what circumstances it may be disclosed.

B. Personal Data

In this Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data in connection other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

Examples of Personal Data include your name, address, telephone number, email address and any other information which you have or may provide us in any forms you have submitted to us or via other means of interaction with you.

C. Collection of Personal Data

In general, we collect Personal Data via our website in the following ways:

1. Submission of any information that an individual may wish to communicate to us.

In this section (www.pharosgr.gr/contact/), any person has the ability to contact our company by sending a message in order to request information, make a statement, raise a concern, express any complaint and generally communicate any question it might have in relation to our company, its products and services. Prior to sending each message, we require from the individual to submit Personal Data pertaining to its name, address, email address and the company he/she works for (if applicable). Furthermore, each message sent by the individual may contain Personal Data not requested by our company. All such Personal Data are collected, used and maintained for as long as it is necessary to address the subject of the message. As soon as the reason for retaining and processing the Personal Data ceases to exist, all Personal Data are deleted. Furthermore, Personal Data unrelated to the subject matter of the message or unnecessary for the purposes of the communication with our company, shall be deleted as soon as possible upon receipt and evaluation.

2. Submission of information through our online platform in order for an individual to be considered as a candidate for a position within our organization.

In this section (www.pharosgr.gr/careers/), any individual has the ability to express its interest in working with our company or to apply for a specific job opening. Potential candidates are required to submit their name and email as well as upload their curriculum vitae (CV) in order to be evaluated by our Human Resources department. This section, furthermore, provides each potential candidate the ability to send a message to our company, without any restriction as to the content of such message. All Personal Data collected via this section shall be collected and maintained either until the position for which the candidate has applied is covered, or, if the Personal Data are submitted in the context of expressing a general interest for our company, no later than six (6) months from the day the potential candidate submitted its Personal Data via our website. Personal Data unrelated to or unnecessary for the above purposes, shall be deleted as soon as possible upon receipt and evaluation.

When you browse our website, you do so anonymously. We do not at our website automatically collect Personal Data unless you provide such information.

If you provide us with any Personal Data relating to any third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.

D. Non-Disclosure of Personal Data

A. General Information

This Personal Data Privacy Policy (the “Policy”) describes the conditions, purposes and ways in which we collect, process and store information about individual persons communicated via our website (www.pharosgr.gr). This Policy applies only to information gathered by our company, PharOS – Pharmaceutical Oriented Services Limited, from online resources that display a link to this Policy and not from any other source. We reserve the right to update/amend this Policy at any time. It is our intention to post any such updates/amendments on this page so that you are fully informed concerning the types of information we are gathering, how we use it, and under what circumstances it may be disclosed.

B. Personal Data

In this Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data in connection other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

Examples of Personal Data include your name, address, telephone number, email address and any other information which you have or may provide us in any forms you have submitted to us or via other means of interaction with yo

In this Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data in connection other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

Examples of Personal Data include your name, address, telephone number, email address and any other information which you have or may provide us in any forms you have submitted to us or via other means of interaction with you.

C. Collection of Personal Data

In general, we collect Personal Data via our website or from face-to-face meetings in the following ways:

  1. Submission of any information that an individual may wish to communicate to us.

In this section (www.pharosgr.gr/contact/), any person has the ability to contact our company by sending a message in order to request information, make a statement, raise a concern, express any complaint and generally communicate any question it might have in relation to our company, its products and services. Prior to sending each message, we require from the individual to submit Personal Data pertaining to its name, address, email address and the company he/she works for (if applicable). Furthermore, each message sent by the individual may contain Personal Data not requested by our company. All such Personal Data are collected, used and maintained for as long as it is necessary to address the subject of the message. As soon as the reason for retaining and processing the Personal Data ceases to exist, all Personal Data are deleted. Furthermore, Personal Data unrelated to the subject matter of the message or unnecessary for the purposes of the communication with our company, shall be deleted as soon as possible upon receipt and evaluation.

  1. Submission of information through our online platform in order for an individual to be considered as a candidate for a position within our organization.

In this section (www.pharosgr.gr/careers/), any individual has the ability to express its interest in working with our company or to apply for a specific job opening. Potential candidates are required to submit their name and email as well as upload their curriculum vitae (CV) in order to be evaluated by our Human Resources department. This section, furthermore, provides each potential candidate the ability to send a message to our company, without any restriction as to the content of such message. All Personal Data collected via this section shall be collected and maintained either until the position for which the candidate has applied is covered, or, if the Personal Data are submitted in the context of expressing a general interest for our company, no later than six (6) months from the day the potential candidate submitted its Personal Data via our website. Personal Data unrelated to or unnecessary for the above purposes, shall be deleted as soon as possible upon receipt and evaluation.

When you browse our website, you do so anonymously. We do not at our website automatically collect Personal Data unless you provide such information.

If you provide us with any Personal Data relating to any third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.

3. Submission of information by individuals who wish to establish a business communication or relationship with our company (“Business Contacts”) through specialized applications and online platforms used by them, as participants in exhibitions, conferences, seminars or business meetings (i.e. CPhI App, CPhI online platform) or by business card exchange through face to face meetings with the employees and representatives of our company. The purpose of such processing of personal data is  the initiation, performance and execution of a contract with the Business Contact or its company or the establishment of a  business communication for the purchase of the Business Contact’s products and/or services or the  promotion of our Company’s products and services or for customer relationship management, Processing of personal data under this section is based either on the Business Contact’s consent provided through a specialized app or platform, exchange of business card, scanning of batch QR code (which may be withdrawn at any time) or the to carry out the contract between the Business Contact or its company and our company

D. Non-Disclosure of Personal Data

We will not, in any way share with or otherwise disclose your Personal Data to third parties outside our company except in case we are required to do so because of an applicable regulation, law, court order or if such disclosure is otherwise necessary to support any legal or criminal investigation. In such cases, we shall only disclose that part of your Personal Data which is necessary for the above purposes.

E. Rights of individuals

Any individual whose Personal Data are being processed, maintained, stored or used by our company may be entitled to do the following, by sending an e-mail to the e-mail address referred to in Section G below:

  • Ask our company for information about what Personal Data are being processed and the rationale for such processing;
  • Ask our company to grant access to the Personal Data being processed and request copies of such Personal Data;
  • Ask for modifications to its Personal Data, in case the individual believes that such Personal Data are not up to date or accurate;
  • Withdraw a previously given consent for processing of the Personal Data;
  • Object to the processing of the Personal Data;
  • Ask our company to delete the Personal Data; and
  • Ask our company to transfer the Personal Data to another organization

F. Security

Our company takes all reasonable measures to protect Personal Data disclosed to us from unauthorized access or use, loss, alteration or destruction. While we cannot warrant against any such loss, theft, misuse etc., we aim to prevent such unfortunate incidents.

G. Contact

If you have any questions about this Policy, or if you would like to make any recommendations or comments to improve the quality of our Policy, please e-mail us at legal@pharosgr.gr.

E. Rights of individuals

Any individual whose Personal Data are being processed, maintained, stored or used by our company may be entitled to do the following, by sending an e-mail to the e-mail address referred to in Section G below:

  • Ask our company for information about what Personal Data are being processed and the rationale for such processing;
  • Ask our company to grant access to the Personal Data being processed and request copies of such Personal Data;
  • Ask for modifications to its Personal Data, in case the individual believes that such Personal Data are not up to date or accurate;
  • Withdraw a previously given consent for processing of the Personal Data;
  • Object to the processing of the Personal Data;
  • Ask our company to delete the Personal Data; and
  • Ask our company to transfer the Personal Data to another organization.

F. Security

Our company takes all reasonable measures to protect Personal Data disclosed to us from unauthorized access or use, loss, alteration or destruction. While we cannot warrant against any such loss, theft, misuse etc., we aim to prevent such unfortunate incidents.

G. Contact

If you have any questions about this Policy, or if you would like to make any recommendations or comments to improve the quality of our Policy, please e-mail us at legal@pharosgr.gr.

Data Protection Information Notice For Pharmacovigilance Purposes

1. INTRODUCTION

Pharos Oriented Services Single Member Limited Liability Company (“Pharos”) with  registered office at Lesvou str. (end), Thesi Loggos, Industrial Zone, Metamorfosi Attikis, 14452, Greece  collects, processes and use personal data for pharmacovigilance purposes as defined below.

This Notice aims to explain to the data subjects how Pharos, as data controller, when acting as Marketing Authorization holder and as data processor, when acting on behalf of its clients (controllers purchasing pharmacovigilance services), processes and protects personal data when data subjects:

•             report an adverse event/adverse drug reaction

•             request information about Pharmaceutical Product manufactured or distributed by Pharos or Pharos’ clients when the latest have assigned to Pharos the provision of pharmacovigilance services, or

•             submit other claims or questions connected to pharmacovigilance issues, adverse events/adverse drug reactions or medical issues.

2. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF PHARMACOVIGILANCE

Pharos processes the information data subjects provide to Pharos about themselves (or other persons) following a question or an adverse event / adverse drug reaction notification.

I. Purposes of Data Processing:

Pharos processes personal data in order to fulfil its own or its clients legal obligations in connection with the reported adverse events /adverse drug reactions,  to operate the drug safety monitoring system; to fulfil the reporting obligation of adverse drug reactions prescribed by legal regulations; reply to reporter and follow-up to reports.

II. Legal basis of data processing:  

Pharos is obliged by pharmacovigilance legislation to record, process and store information on adverse events / adverse drug reactions and personal data included in such reports, furthermore to submit these reports according to the applicable legal regulations.  

Such legal regulations are:

•             DIRECTIVE 2010/84/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 15 December 2010 amending, as regards pharmacovigilance, Directive 2001/83/EC on the Community code relating to medicinal products for human use and

•             Guideline on good pharmacovigilance practices (GVP) – Module VI – Collection, management and submission of reports of suspected adverse reactions to medicinal products;

III. Categories of personal data:

Pharos processes for the aforementioned purposes the following personal data:

•             Patients’ personal data: contact details (e.g. name, email address, phone number, address, facsimile number); age/date of birth, sex, weight, height; biological characteristics; past and current medicinal therapies or remedies; medical status; medical history, results of medical tests and examinations, information on consumption of concomitant drugs.

•             Reporter personal data: contact details (e.g. name, email address, phone number, address); profession and workplace data; relationship with the patient, data included in the report (e.g. date, signature) or phone call data.

•             Healthcare professional personal data contact details (e.g. name, email address, phone number, address); profession and workplace data; relationship with the patient, data included in the report (e.g. date, signature) or phone call data.

3. TRANSFER OF PERSONAL DATA

According to the pharmacovigilance legislation, Pharos is obliged to share personal data with the competent regulatory authorities and/or with the Marketing authorization holders.

Only the employees of pharmacovigilance department have access to personal data processed by Pharos for pharmacovigilance purposes. Access to personal data is restricted on need-to-know basis.

Whenever third-party service provider (is engaged by Pharos in the course of pharmacovigilance service delivery Pharos will (i) diligently choose such third-party service providers, and (ii) ensure that such third-party service providers adopt adequate technical and organizational security measures

Due to cross-border nature of pharmacovigilance service, Pharos may transfer personal data to the mentioned entities residing in the European Economic Area (“EEA”) and rarely outside EEA, including in countries which do not adduce the same level of protection of personal data as in the EEA. Pharos will only carry out personal data transfers outside the EEA where Pharos is confident that the level of protection applied to personal data will be similar as if it had remained within the EEA. Any queries in relation to personal data described in this Notice or enforcement of any of the below data subject’s rights may be addressed to Pharos via email to pharmacovigilance@pharosgr.gr

4. Data Protection Information Notice For Clinical Study Purposes

1. INTRODUCTION

Pharos Oriented Services Single Member Limited Liability Company (“Pharos”) with  registered office at Lesvou str. (end), Thesi Loggos, Industrial Zone, Metamorfosi Attikis, 14452, Greece  sponsors clinical studies in the context of the development of generic pharmaceutical products.

As sponsor of clinical studies, Pharos is responsible for processing and controlling personal data gathered during the clinical studies. Pharos involves external parties, such as contract research organizations (CROs), sites, investigators or other research organizations to process the personal data.

This Notice aims to explain to the data subjects how Pharos, as data controller, when acting as sponsor in a clinical study, processes and protects personal data.

2. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF CLINICAL STUDIES

Pharos processes the information data subjects provide to the investigator about themselves prior to participating in the clinical study.  

The personal data of clinical trial participants are recorded using a unique identification study number in order to be pseudonymized. Such measure is taken to prevent the identity of the data subjects being revealed. The link between the unique study number and data subjects’ identity is only known to the investigator, which is bound by medical confidentiality, and is not provided to the CRO or PharOS or made publicly available.

Personal data of staff of Pharos or qualified persons for GCP, GLP and/or GMP documentation or employees of CROs or investigators acting on behalf of Pharos may be also processed in the context of clinical studies.

The clinical trial data may be disclosed to competent authorities during an inspection under the applicable laws or in the course of the performance of safety reporting under Articles 41 to 43 of the Regulation (EU) No 536/2014 of the European Parliament and of the Council of 16 April 2014 on clinical trials on medicinal products for human use (“CTR”). It is clarified that the personal data of clinical trial participants are anonymized, when published.

  1. Purposes of Data Processing:

Pharos processes personal data to support a clinical study and to fulfill the statutory obligations with respect to such study. Such personal data are processed in order to draw conclusions from the result of the study and to receive authorization from relevant regulatory authorities for the commercialization of Pharos’ pharmaceutical products or from competent authorities for inspection or safety reporting purposes.

  1. Legal basis of data processing:  

The processing of personal data in the context of safety reporting or in the context of an inspection by national competent authority, or the retention of clinical trial data in accordance with archiving obligations are necessary to comply with legal obligations to which Pharos is subject to.

Such legal obligations are set up by the CTR.

The processing of personal data is necessary for reasons of public interest in the area of public health, which is to ensure high standards of quality and safety of health care and of medicinal products, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject.

  1. Categories of personal data:

For the aforementioned purposes, the following personal data of clinical trial participants are collected and processed by the investigator on behalf of Pharos, including but not limited to:

Contact details (e.g. name, email address, phone number, address, facsimile number); demographic characteristics, weight, height; vital signs; past and current medicinal therapies or remedies; medical status; medical history, results of medical tests and examinations and adverse events.

Also, in the context of the clinical study, Pharos processes the following data:

Personal data (CV, training record) of investigators who conducted the trial or of CRO’s employees, legal representatives of Pharos, head of the clinic/institution.

  1. Retention period of personal data:

The personal data will be retained for as long as necessary to fulfill the purpose for which it was collected or to comply with legal requirements. More specifically, the clinical trial master file and the medical files of subjects will be archived for 25 years according to Article 58 of CTR. After such time period have expired, the personal data are deleted or retained in a form such that it does not identify the data subjects.

3. TRANSFER OF PERSONAL DATA

Pharos is obliged to share personal data with the competent authorities for regulatory and supervision purposes.

Personal data may also be shared with third party service providers who Pharos engages to assist the latter in conducting the study. As a sponsor, for example, Pharos may instruct a third party to monitor and support the study on behalf of Pharos. If this is the case, Pharos will enter into an agreement with this third party, which will also safeguard the security and confidentiality of the processing of data subject’s personal data by such third party on behalf of Pharos.

As Pharos works with third party service providers or need to share the findings of a study with supervisory authorities, Pharos may transfer personal data to the mentioned entities residing in the European Economic Area (“EEA”) and rarely outside EEA, including in countries which do not adduce the same level of protection of personal data as in the EEA. Pharos will only carry out personal data transfers outside the EEA where Pharos is confident that the level of protection applied to personal data will be similar as if it had remained within the EEA.

Any queries in relation to personal data described in this Notice or enforcement of any of the below data subject’s rights may be addressed to Pharos via email to clop@pharosgr.gr.