1. Introduction

Information and data security and confidentiality are a high priority for the company “LIBYTEC PHARMACEUTICAL S.A.” (hereinafter referred to as the “Company”).

To achieve the above, the Company implements all up-to-date and appropriate for processing purposes technical and organisational measures, while controlling the response to these at regular time intervals.

The PERSONAL DATA PROTECTION POLICY provides information on personal data collected and processed by the Company in the course of its business, both in hard copy and in electronic form.

This Policy describes the types of personal data or personal information collected by the Company, how the Company uses the information, how the Company processes and protects the information collected, for how long it stores the information, with whom it shares the information, to whom it transfers the information, and the rights that individuals can exercise regarding the use of their personal data.

Personal Data Controller

The company, “LIBYTEC PHARMACEUTICAL S.A.”, based in Elliniko, Attica, Vouliagmenis Avenue, number 24, contact telephone numbers 210-9609960 and 210-9638518 is the Personal Data Controller.

2. Definitions

PERSONAL DATA: Any information relating to an identified or identifiable natural person (= DATA SUBJECT), i.e. the person whose identity can be directly or indirectly verified. Critical element is the association of the information with the person and not the quality of the information, such as for instance the name, ID card number, National Insurance Number (AMKA), etc.

SPECIAL CATEGORY PERSONAL DATA (or sensitive personal data): Any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health data, data concerning sex life or sexual orientation.

DATA CONCERNING HEALTH: Personal data related to a natural person’s past, present or future physical or mental health, including the provision of health care services, from which information about his or her health emerge.

PROCESSING: Collection, filling, organisation, structuring, storage, adaptation, alteration, retrieval, information search, use, transmission, dissemination, deletion or destruction.

DATA CONTROLLER (D.C.): Any natural or legal person in the public or private sector, who retains and processes personal data. The D.C. determines the purposes and means of the processing of personal data.

DATA PROCESSOR (D.P.): Any natural or legal person in the public or private sector, who processes personal data on behalf of a Data Controller.

RECIPIENT: The natural or legal person to whom the data are disclosed.

SUPERVISORY AUTHORITY: An Independent public authority set up by the Member State concerned. In Greece this is the HELLENIC DATA PROTECTION AUTHORITY.

Data Subject’s CONSENT: Any freely given, specific, informed, unambiguous indication of the data subject’s wishes by which the data subject, by a statement or a clear affirmative action, signifies agreement to the processing of personal data relating to him/her.

3. General Principles for the Processing of Personal Data

According to the Regulation, each company must:

  • Collect personal data in a fair and lawful manner;
  • Keep only the data needed;
  • Keep the data safe;
  • Store the data only for the time period required for collection and processing purposes;
  • Inform data subjects of the retention of data;
  • Take all appropriate organisational and technical measures to ensure data security and protect it against accidental or unlawful destruction, accidental loss, alteration, unauthorised dissemination or access, and be able to provide proof for all the above at any time.

4. Purpose

The purpose of this Policy is to provide information and guidance to the Company’s suppliers, customers and affiliates regarding their Personal Data retention, i.e. what personal information the Company retains, for how long and for what purpose.

As far as the Company’s Employees are concerned (prospective, existing and former employees), the Company’s Personnel Personal Data Retention Policy applies.

5. Personal Data Protection Policy

A) Legal Basis for Processing

  • - The Company’s compliance with its statutory obligations, in particular pharmaceutical legislation and the legislation on medical devices and food supplements.
  • - Fulfilling of the Company’s contractual obligations.
  • - Ensuring the proper functioning of the Company in the context of its activity.
  • - Satisfying data subjects’ requests for information and communication.
  • - Safeguarding the Company’s personnel, facilities and equipment.
  • - Fulfilling the Company’s contractual obligations to third parties, such as product manufacturers.

B) Type of personal data and method of processing

The Company shall keep, as appropriate, the following personal data:

Health Care Professionals

- Name
- Surname
- National Insurance Number (ΑΜΚΑ)
- Specialty
- Employment Body
- Professional / Academic title
- Mailing and visit address (street, number, city, province)
- E-mail address and other electronic account details
- Visit Hours
- Work telephone number
- Work mobile phone number
- Work sector
- Job position
- Tax Identification Number

Suppliers/ Partners

- Full Name or Company Name
- Address
- Telephone
- Tax Identification Number
- Tax Office
- General Electronic Commercial Registry Number
- Fax
- E-mail address
- Contact persons and relevant contact details

C) Purposes of Processing

- Sponsoring the participation of Health Care Professionals (HCPs) in various conferences of the National Organization for Medicines (EOF).
- Provision of information, promotion and commercial communication of the Company’s products and services.
- Provision of information to HCPs about scientific events, conferences or seminars organized by the National Organization for Medicines (EOF).
- Order or contract execution
- Fulfilling the Company’s legal obligations towards an Insurance Institution, a Clinic or a Public Hospital
- Compliance of the Company with the pharmaceutical legislation and the legislation on medical devices and food supplements (e.g. side effects).
- Compliance with the manufacturer’s requirements.
- Fulfilment of the Company’s obligations.
- Achieving the Company’s legitimate business objectives.
- Responding to requests from the Company’s Suppliers, Partners and Clients (including patients).

In any case, personal data is voluntarily submitted to the Company by the data subjects themselves or through their representatives. Cases where such data are disclosed to the Company by public services so as to take actions that fall within its activities are excluded.

D) Personal Data Retention Period

This data shall only be retained by the Company for as long as it is strictly necessary to fulfil the purpose of collection in accordance with the relevant legislation and then shall be destructed.

E) Method of Processing

The Company only collects the required personal data, where appropriate.

Furthermore, data processing of the data kept is carried out, where necessary, in both paper and electronic form, and is recorded in the Company’s corporate system in accordance with the applicable legislation – including the provisions on data security and confidentiality and in accordance with the principle of fair and lawful processing.

F) Disclosure of Personal Data

This data shall be processed by the Company’s authorised personnel. Moreover, this data may be disclosed and made available, on a case-by-case basis and according to the relevant purpose of processing, to legal or natural persons, with whom the Company may from time to time cooperate, such as for example a law firm or an insurance company or manufacturers and marketing authorisation holders or conference organisers, etc., Public Services and Information Systems, such as the Centre for the support of employment and entrepreneurship (“ERGANI”), the National Organization for Medicines (EOF), the Independent Authority for Public Revenue (IAPR) etc., Banks, Insurance Bodies, Auditors in compliance with the Company’s external and internal regulations or by law, where required.

As part of the Company’s business activity, personal data may be disclosed to the Company’s suppliers or to the Company’s partners who provide services to the Company. However, in this case, the legal or natural persons will process such data only for the purpose of providing the Services to the Company and not for their own benefit, in the capacity of data processors, and shall be bound by a Statement of Privacy and Confidentiality.

Exceptionally, personal data may be disclosed to third parties, including the competent police authorities and prosecutors, to the extent that there is a statutory obligation in this respect or pursuant to a decision or order of a judicial authority.

G) Transmission of Personal Data

This data shall not be transmitted to a third country or international organisation. In case of data transmission outside the European Economic Area, the Company is committed to taking the necessary measures to ensure that the data transmitted to third parties is the minimum necessary and that the conditions for lawful and fair processing are always met.

6. Rights

Each data subject has the right to know and have access to his/her personal data held by the Company in accordance with this Policy, to verify the accuracy of the personal data provided to the Company and to update his/her personal data details.

The data subject may at any time contact the Company and, in particular, with the Data Protection Officer (contact telephone: 210-3645691 & e- mail: This email address is being protected from spambots. You need JavaScript enabled to view it.) to exercise his/her rights under the General Data Protection Regulation (Articles 15-22), including, inter alia, to request access to its data (in order to be informed of the data and the reason why it is processed by the Company and its recipients), to verify the content, origin, accuracy and location of his/her data, to obtain a copy of his/her data, to request the completion, updating, modification of his/her data, in cases specified by law, to request the restriction of data processing, the request for data deletion etc. In principle, these rights are exercised at no cost to the subject.

Furthermore, if the data subject has consented by submitting a Statement of Consent, he/she may at any time withdraw his/her consent at any time by a simple revocation statement (This email address is being protected from spambots. You need JavaScript enabled to view it., 210-3645691, 51, Stournari street, Athens), without prejudice to the legality of the processing based on the subject’s consent prior to the withdrawal of consent or the Company’s compliance with its statutory obligations

Finally, each subject may at any time inform directly the Personal Data Protection Authority if he/she considers that the Company’s use of his/her data is inappropriate (

24, Vouliagmeni Avenue, Elliniko,
Attica 16777, Greece

  • Email:
  • Phone: +30 210 9609960
  • Fax: +30 210 9638438
  • GEMI number: 121906301000



We use the "Cookies" technology to facilitate the use of this website.