Privacy Information Notice issued by Menarini Hellas pursuant to art. 13, Regulation (EU) 2016/679 (“GDPR”)
How we process the personal data collected by our call centre and company switchboard (210-8316111).
The present information notice, issued by Menarini Hellas (hereinafter the “Company”, the “Controller”, or “we”) is addressed to all individuals who contact the Company at the above-indicated number, or submit their data via e-mail.
Contact Data and DPO
The data Controller is Menarini Hellas, with registered offices in Patmou 16-18 str, 15123 Marousi Greece.
The Data Protection Officer (“DPO”) of the Menarini Group may be reached via email at email@example.com
What data we process
The data we process are your “ordinary” data (e.g. name, surname, phone number, etc.) and your “special categories” of data, particularly information which may reveal your health conditions. These include all the information you disclose to us in the course of telephone contacts or in other correspondence.
In case you call our call centre, we warn you that your number may automatically be detected. In addition, the recordings of the messages you leave in our voice mail will be matched with your phone number. We inform you that if you supply third-party information, you need to provide to such third parties the full information notice beforehand and –where required by the law- obtain their prior informed consent.
For what reason we process your data and how
We inform you that your Data may be processed by the Controller for the following purposes:
(i) management of your requests and notifications, which may include: requests for medical information; remarks (including complaints) about the quality of our products; adverse events (i.e. Pharmaco-vigilance and/or Cosmeto- vigilance and/or Device-vigilance. The legal basis for the processing for such purposes is the pursuit of a public interest in the area of public health consisting in ensuring high standards of quality and safety of health care and of medicinal products or medical devices (art. 9.2.(i) of the GDPR)
(ii) delivery of materials and samples of our products; The legal basis for the processing for such purpose is the legitimate interest of the Company to promote its products (art. 6.1.(f) of the GDPR).
(iii) provision of technical assistance on our devices. The legal basis for the processing for such purposes is your consent (art. 6.1.(a) and 9.2.(a) of the GDPR).
Finally, your ordinary and special categories of data may be processed by the Company to establish/defend legal claims or to enforce the Code of Conduct of the Menarini Group (arts. 6.1.(f) and 9.2.(f) of the GDPR).
All your data are processed manually or electronically, on paper or with automated devices, which are at any rate suitable to ensure your data’s the security and confidentiality.
Your data are required insofar as we need them to provide the services described above – failure to give such essential data will preclude the Company to provide the services or handle your requests. Failure to provide optional data shall have no consequence on the provision of the service/request handling.
How we process your data
In line with the provisions of art. 5.1.(c) GDPR, we minimise the use of identifying personal data i.e. we process them only insofar as necessary to achieve the purposes indicated in this document. The data will be stored for as long as necessary to pursue the actual purposes for which they were collected, and in any case the criterion to determine the data retention period is based on compliance with the terms set forth by the applicable laws, as well as with the principles of data minimisation, storage limitation and rational management of archives.
How we ensure the security and quality of your personal data
The Company commits to ensuring the security of your data and to respecting the security measures set forth by the applicable laws to prevent data losses, the unauthorised or unlawful access to, or use of, your data, including but not limited to arts. 25-32 GDPR. The Company uses a number of technological security solutions and procedures designed to protect your personal data; for example, your data are stored on secure servers located in restricted and protected access places.
Who may access the data
The staff authorised to process personal data belongs to the categories of administrative staff, customer care staff (e.g., as may be the case, call centre staff or staff in charge of handling medical enquires, quality assurance complaints, pharmaco-vigilance reports), IT technicians, as well as other staff which needs to process data to perform their job duties.
Data may be communicated, also in non-EU countries (“Third Countries”) to other companies of the Menarini Group, for the same purposes and/or administrative purposes, as per art. 6.1.(f) and recital 48 GDPR.
In addition, data may be communicated, also in Third Countries, to: (i) institutions, authorities, public entities for their institutional purposes; (ii) professionals, independent consultants –working individually or in partnerships- and other third parties and providers which supply to the Company commercial, professional or technical services (e.g. IT and cloud computing service providers) including externalised call centres, for the pursuit of the above-indicated purposes, (iii) third parties in case of mergers, acquisitions, company or branch take-overs, audits or other extraordinary operations; (iv) Supervisory Company Bodies, based at the controller’s Address, to pursue thier own supervisory activities and to enforce the Menarini Group Code of Conduct. Said recipients will only process the data required for their job duties and commit to use them only for the above-indicated purposes, and process them in compliance with the law. Data may in addition be communicated to the recipients identified by the applicable laws. Except as stated above, data are not shared with third parties (be they natural or legal persons), which do not provide any technical, professional or commercial service to the Controller, and will not be disseminated. Recipients process data in the capacity as data controllers, data processors or person authorised to process personal data, as the case may be, for the purposes indicated above and in compliance with the applicable laws.
As far as data transfers to Third Countries are concerned (including countries who may not afford the right to “data privacy” the same level of protection as EU law), the Controller informs that data will be transferred in compliance with one of the methods prescribed by the GDPR, including your consent, the adoption of Standard Contractual Clauses approved by the EU Commission, the selection of recipients enrolled in programmes for the free movement of data (e.g. EU-US Privacy Shield) or operating in countries considered safe by the EU Commission.
You may at any time exercise the rights afforded to you by arts. 15-22 of the GDPR, including: the right to know whether we are processing your data or not, verify their content, origin, accuracy, location (including the Third Countries where they might be), ask a copy, ask that they are rectified and, where envisaged by the applicable, law, obtain the restriction of their processing, their erasure, or oppose to their processing, withdraw the consent you have given (without prejudice for the lawfulness of the processing carried out before withdrawal) by writing to the postal address indicated above or via email at firstname.lastname@example.org.
Likewise, you may submit any remarks you may have on the processing of your data which you regard as inappropriate by writing an email to the DPO (email@example.com); you may also lodge a complaint with (Data Protection Authorities).
By pressing “1” on your phone you are consenting to the processing of your personal data for the purposes outlined in the information notice at point iii above, which you hereby confirm you have read. If you do not consent we’ll be unable to provide any technical assistance on our devices.