Privacy Notice for HCPs – published on the Company’s Website
Dear Doctor / Health Care Professional
We take your privacy very seriously and we commit to respect it to the sector’s highest standards. For
this reason we wish to provide up-to-date information as to how Menarini Hellas S.A, Anastasiou Damvergi
7, Athens. 10445 (hereinafter the “Company”, or “we”) processes your personal data and ensures
compliance with the applicable laws, including Regulation 2016/679/EU (the “Regulation”).
1. What we can do with your Data
The personal data you are conferring or you have previously conferred on occasion of previous contacts
with us may be processed by the Company in its capacity of Data Controller for the following purposes:
(A) “Scientific Information Activities”, also performed via digital communication media as emails.
Scientific Information includes all methods with which scientific information messages are conveyed to
HCPs, i.e. directly by Reps, by correspondence (publications dispatched by postal mail and/or email), by
means of events, congresses, webinars and continuing education.
(B) “Institutional Communication Activities”, performed also by means of digital communication media
(e.g. email), pertaining to the Company and to its initiatives and products;
(C) Customisation of our Scientific Information activities/services by assessing your needs, preferences
and professional interests (“Profiling”).
2. What Data we collect
The personal data which we may process (“Data”) are the following:
(1) Professional/Academic Title; (2) Name; (3) Surname; (4) Date and Place of birth; (5) year of
graduation; (6) Gender; (7) Tax Number / Social Security Number; (8) Correspondence and visit address
(street, number, city, county, as well as email address and details of any other digital account); (9) visit
times; (10) work phone number; (11) professional mobile phone number; (12) Work sector; (13)
Additional academic and professional qualifications/specialisations; (14) average number of registered
patients; (15) job position (e.g. Consultant Cardiologist, Ippokratio General Hospital; Head of Cardiology
Unit, Tzanio General Hospital); (16) conventions with the National Health System; (17) Data related to
the Scientific Conferences and other symposia attended by the HCPs and supported by the Company;
(18) Data pertaining to the use and/or viewing, on your part, of our electronic/digital informational
materials; (19) other information pertaining to your profession and preferences with regards to the
services we offer.
Consent to Data processing is required to enable us to perform our Scientific Information activities and
for this reason we ask you to provide at least the above data highlighted in bold fonts: if you withhold
them we will be unable to address any Scientific Information activity to you. Conversely, granting your
consent to collect all the other data and to process them for the additional purposes indicated above
(that is, other than Scientific Information) is optional -your refusal will not prevent us from addressing
Scientific Information Activities to you, although we will be unable to tailor our services to your needs
and/or to provide updates on the news regarding the Companies of our Group.
We inform you that your consent is the legal basis for the data processing operations described above, at
art. 6.1.a. of the Regulation. Furthermore, your data may also be processed without your consent in
order to fulfil obligations stemming from laws, regulations and EU law, as well as to enforce or defend a
legal right judicially, to pursue legitimate interests (e.g. to share data among Menarini Group Companies)
and in all other cases prescribed by arts. 6 and 9 of the Regulation, where these are applicable.
3. How we process your Data.
Data are processed both in paper and electronically and entered into the company system in line with
the applicable laws –including the aspects pertaining to data security and confidentiality- and according
to the principles of fair and lawful processing. Your Data shall be stored only as long as strictly necessary
to fulfil the goals for which they were collected; in any case, the criterion used to determine the length of
the storage period takes into due account the need to comply with any relevant legal requirement, the
principle of data minimisation and the need to rationally manage the Company’s records. We may store
your data even after the end of our activities towards you, but only for as long as necessary to fulfil
contractual and legal obligations as well as to fulfil the purposes listed above. We update and maintain
our databases so as to ensure your Data are always correct and accurate.
4. Who can access your Data
Data may be processed by staff belonging to the following categories: administrative staff, reps, product
managers. Data may also be processed by all those other members of staff who may need to do so by
reason of their job duties. In addition, pursuant to arts. 6 and 9, Recitals 48 and 52 of the Regulation,
Data may be communicated to the Company’s parent company A. Menarini IFR Srl, based in Florence
(Italy), as well as to other companies of the Menarini Group, including those located in non-EU Countries
(“Third Countries”) for organisational, administrative, financial and accounting necessities. Based on the
legal and regulatory provisions to which we are bound, we may communicate your Data to the [National
Regulatory Agency for Medicines], to SFEE, to national and local Health Authorities, other health centres
and universities, other public authorities, association bodies as well as other recipients to whom your
Data shall be disclosed pursuant to laws or regulations. In addition, in relation to the above obligations
and purposes, data may be communicated to other companies, such as suppliers, sub-suppliers, IT and
“Cloud Computing” service providers, agencies and event organisation entities, professional service
providers and companies that perform tax/administrative tasks on our behalf, even in Third Countries.
Such entities/individuals will act, as the case may be, as data controllers or data processors, for the same
purposes listed above and in line with the applicable law. As far as Data transfers to Third Countries are
concerned –including transfers to countries which may not guarantee the same protection standards as
the applicable privacy laws, we inform you that Data processing will take place only in accordance with
the provisions set forth by the laws in force, such as, for example, your consent, the adoption of Model
Contract Clauses approved by the EU Commission, the selection of commercial partners enrolled in
programs for the international free movement of data (e.g. the EU-USA Privacy Shield) or operating in
Countries considered safe by the EU Commission.
5. Your Rights to Access and Control your Data
You may at any time contact us at firstname.lastname@example.org as well as to our address in order to exercise the
rights afforded by arts. 15-22 of the Regulation, including: knowing whether or not any Data referring to
you is being processed by us; access your Data; verify the Data’s content, origin, exactness, location
(including, where applicable, the Third Countries where the data might be); obtain a copy of the Data;
ask that the Data are supplemented, updated, amended; in the circumstances set forth by the law, ask
that the processing of Data is restricted, that Data are deleted, anonymised, frozen; oppose to profiling
operations and direct contact activities (including restricting contact methods to specific communication
media), oppose to the processing of Data for legitimate reasons. Likewise, you may at any time withdraw
consent (although this will not impair the lawfulness of the processing operations performed before your
consent’s withdrawal) and/or notify the Menarini Group’s Data Protection Officer dpo at www.menarini.
Com/Greece any observations you may have on our use of your Data which you consider inappropriate
and/or lodge a complaint with the National Data Protection Authority.