Last updated: 23.04.2024
Contents
- Object of the Declaration of Confidentiality of Partners and Suppliers
- Definitions
- Responsible for Processing
- Data Protection Officer (DPO)
- Collection and processing of personal data of partners and suppliers
- Processing purposes
- Legal basis of processing
- Addressees and transfer of personal data
- Storage and security of personal data
- Rights of data subjects
- Amendments and updates in this Privacy Notice to Affiliates and Suppliers
- Contact details
1. Object of the Declaration of Confidentiality of Partners and Suppliers
ELPEN PHARMACEUTICAL CO INC ("ELPEN" or "our company") as part of its legitimate market activity, communicates on a stable basis and generally cooperates with suppliers and various external partners. This Statement relates to the extent to which, due to their cooperation, ELPEN collects and processes personal data of associates and suppliers of natural persons or of the representatives and contacts of the respective associates and suppliers of legal persons.
ELPEN fully respects the confidentiality of the personal data of all its associates and makes every effort to protect them in full compliance with the existing legislation and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.4.2016 on the protection of individuals with regard to the processing of personal data (General Data Protection Regulation, hereafter "GDPR"). This Privacy Statement is
intended to inform our associates and suppliers about the manner and purpose of collecting and processing their personal data from ELPEN and explain their rights and choices regarding these data, providing all the necessary information to them under Articles 12 and 13 of the GDPR.
This Affiliate and Suppliers Privacy Statement applies only to personal data collected and processed in the context of the cooperation of a natural person or a representative of a cooperating legal entity with our company and does not concern any other collection and processing of personal data in which ELPEN is likely to undertake in other relationships - its partnerships with natural persons and / or other processing activities it carries out. ELPEN may provide additional information to any of its affiliates on the processing and general protection of their personal data, on a case-by-case basis, and on the purpose of processing. These notices are completed in any case by this Privacy Statement. In addition, if the individual agreement between the company and the concerned partner and supplier contains specific data protection terms, they are supplemented by this and applied jointly.
2. Definitions
For the purposes of this Confidentiality and Supplier Privacy Statement, we mean:
“Personal data”: means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifying identifier such as name, identity number, location data, online identity card, or one or more factors specific to physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“Special categories of personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of a trade union, as well as the processing of genetic data, biometric data for the undeniable identification of a person, data relating to health or data concerning sexual life of a natural person or sexual orientation.
“Health data”: means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about his / her state of health.
"Processing": means any act or set of acts carried out with or without the use of automated means in personal data or in sets of personal data such as the collection, registration, organization, structuring, storage, adaptation or change, retrieval, seeking of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, erasure or destruction.
“Controller”: means a natural or legal person, a public authority, a service or another body which, alone or jointly with others, defines the purposes and the manner in which personal data are processed; where the purpose and method of processing are defined by the law of the Union or the law of a Member State, the controller or the specific criteria for his appointment may be provided for by Union law or by the law of a Member State
"Processing manager": means a natural or legal person, a public authority, a service or another entity that processes personal data on behalf of the controller.
“Data protection officer”: means the natural person designated by the controller and the processor for the reasons provided for by law, on the basis of his professional qualifications and his expertise in the field of data protection law and practices, with a primary duty to participate in all issues related to the protection of personal data.
"Consent" of the data subject: any indication of will, free, specific, explicit and in full knowledge, by which the data subject expresses agreement with a declaration or with a clear positive action to process the personal data they concern it.
"Violation of personal data" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.
"Existing legislation": The provisions of Greek, Union or other legislation to which ELPEN A.E. refers to and define issues of personal data protection, such as:
- Law No. 4624/2019 on the Hellenic Data Protection measures implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and incorporating into national legislation of Directive (EU) 2016/680 of the European Parliament and of the Council of 27th April 2016 and other provisions,
- Law 2472/1997 on the protection of individuals from the processing of personal data, as to the provisions thereof which remain in force,
- Law 3471/2006 on the protection of personal data and privacy in the electronic communications sector, and amending Directive 2472/1997,
- Directive 2002/58 / EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) as amended,
- Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of them and the repeal of Directive 95/46 / EC (General Data Protection Regulation), hereafter referred to as GDPR, and any applicable laws.
3. Responsible for Processing
ELPEN PHARMACEUTICAL CO INC is considered to be the managing director as the legal entity that defines the purposes and the manner of processing personal data of its associates and suppliers under the General Data Protection Regulation.
-NT. ELPEN 95 Marathonos Ave., 19009, Pikermi, Attica, Greece
Telephone: +30 211 1865 000 (200)
Email: info@elpen.gr
Website: www.elpen.gr
4. Data Protection Officer (DPO)
The Data Protection Officer (DPO) for ELPEN has been designated, in accordance with Article 37 et seq. Of the General Data Protection Regulation, Athena Eleftheriadou
Athena Eleftheriadou, Attorney at Law, DPO ELPEN PHARMACEUTICAL CO INC
Marathonos Avenue 95, 190 09, Pikermi, Attica, Greece
Email: dpo@elpen.gr
5. Collection and processing of personal data of partners and vendors
Personal data of affiliates and suppliers that may be processed by ELPEN is in principle the usual personal data they may be provided to the company and / or may be collected independently by the company in the search for and selection of new partners and suppliers, as well as during and for the management of each cooperation between them, including information which are notified to the company with the legal discretion of each partner. Furthermore, in addition to our own associates and suppliers data, our company is also able to collect and process personal data from representatives, contacts, and associate and vendor employees. In this context, as a general rule, specific personal data categories, notably health data, are not provided to ELPEN.
In particular, the personal data of these individuals is collected and processed by the ELPEN (might) are: Name, Address, Phone, email, Identity Card Number (ID), Tax Identification Number (TIN) and Public Finance Service (ROI), Bank Account Number and IBAN, Information that at its sole discretion includes the data subject in his / her curriculum vitae.
In the course of our partnership with our partner and supplier, our company makes its assessment according to ELPEN's policy and its commitment to continuous progress and development. The data associated with the evaluation process include exclusively general and not personalized references to the nature and effectiveness of the cooperation (e.g. "good", "very good", "excellent").
6. Processing purposes
Any collection and processing of personal data of partners and suppliers by ELPEN is done in accordance with the existing legislation, in full compliance with the General Data Protection Regulation and with full respect to the principles under the law governing processing. Our main objective is to ensure security and confidentiality as well as to limit the processing of data to what is strictly necessary to serve the following purposes.
ELPEN collects and processes personal data of its affiliates and suppliers, as detailed above, which are intended to serve specific purposes, always in the context of the particular cooperative relationship, before, during and after that expiration. In particular, such purposes are as follows:
a. Receiving, collecting, ranking and reviewing partner and vendor CVs.
b. In general communication with partners and suppliers.
c. The specialized market research and the search and selection of suitable partners and suppliers.
d. Communicating with third parties to create specific associates and suppliers to the company.
e. Receiving and sending bids for the conclusion of the agreement for cooperation.
f. The drafting, signing, observing and monitoring of the implementation of contracts - cooperation agreements.
g. Keeping a list of partners and suppliers of the company.
h. Updating and changing partner and vendor data maintained by the company.
i. Managing the invoices (receiving, filing, repaying) the partners and suppliers for their services and generally managing the payment of their remuneration.
j. Management of eventual termination of collaboration with partner and vendor.
k. Managing the evaluation of the partners and suppliers of the company.
l. Compliance with legal obligations of the company in the context of each cooperation.
m. The compliance of the company with its contractual obligations through its cooperation with partners and suppliers and the smooth development of this. ELPEN evaluates and selects its appropriate partners and suppliers, based on defined - if only quantified and in line with its policies - without resorting to automated decision- making.
7. Legal basis of processing
The processing of personal data of its affiliates and suppliers by ELPEN is entirely consistent and is based on the conditions set forth by existing legislation and in particular the General Data Protection Regulation.
Our company collects and processes personal data of its affiliates and suppliers in so far as such processing is necessary for the performance of a contract to which the data subject is a party or for action to be taken at the request of the data subject prior to the conclusion of a contract, in accordance with Article 6 (1) (b) of the GDPR.
In addition, it may process personal data necessary for the compliance of the company itself as a controller with a legal obligation under Article 6 (1) (c) of the GDPR, such as, for example, compliance with obligations stemming from the tax legislation for the company. Where appropriate, it is possible for the data subject to have consented to the processing of his or her personal data for one or more specific purposes, in accordance with Article 6 (1) (a) of the GDPR, upon the voluntary sending of contact information to our published addresses.
Furthermore, in some cases the processing of personal data is necessary for the purposes of the legitimate interests pursued by ELPEN as a controller, in accordance with Article 6 (1) (f) of the GDPR, in so far as they include, for example, the choice of the appropriate partner and supplier for the provision of specific services, the improvement of the quality of the company's partnerships and, by extension, the services provided by the company itself.
8. Addressees and transfer of personal data
ELPEN's personal data of partners and suppliers are processed by the staff of the Procurement Directorate and the Technical Department and the staff of the Accounting Department of our company, the heads and the head of the particular department of the company, to which the cooperation may be subject, and, as the case may be, by the members of the Company's Management.
In addition, the recipients of personal data are the public services, authorities and bodies to which they are notified in accordance with the applicable legislation and in accordance with the respective obligations of ELPEN such as tax, audit and other public authorities and financial institutions. Our company may be obliged to disclose
to third parties such as police and judicial authorities some of its personal data in accordance with existing law and to establish, support or exercise legal claims against it and protect rights of their contractual relationship with each other.
Additionally, our company may disclose personal data of its affiliates and suppliers to third party partners, for which it obtains the respective consent from the data subjects, such as third-party outside lawyers, lawyers, accountants, auditors. In any case, ELPEN ensures that there are appropriate safeguards for the safe processing of such data by third parties.
ELPEN does not, in principle, market and generally disclose the personal data of its affiliates and suppliers to third countries or international organizations and undertakes the obligation for a full and clear prior notification to the data subject in case it intends to do so. In the event of a merger and / or acquisition of the company, personal data of its affiliates and suppliers may be communicated to the respective third parties after clear information.
9. Storage and security of personal data
ELPEN takes appropriate technical and organizational measures to ensure that the personal data of its affiliates and suppliers are kept secure, ensuring its appropriate level against potential risks. Data processing systems and services are permanently monitored to ensure that they are kept as secure as possible and protected against loss, destruction, misuse and / or unauthorized access.
The integrity of the data and the limited access thereto only by the authorized and competent persons of the company act as a guide for each individual processing activity in which the personal data are submitted. ELPEN has implemented specific processing policies, including data from its partners and vendors, and has put in place procedures to deal with any personal data breaches. It ensures the continuous and regular training of its personnel responsible for processing its data, which acts only after express authorization and always according to the company's instructions. In the event of disclosure of data to third parties, the company shall ensure the signing and observance of confidentiality agreements.
Personal data of affiliates and vendors are stored by ELPEN only for as long as it is required to fulfil the purpose for which they were collected, as described in this Privacy Statement, by their nature, contractual relationship their storage and the related legal obligations of the company. These data are retained in any case only for a reasonable period of time and are then deleted when the purpose of their processing ceases to exist in accordance with existing legislation. As a rule, and if feasible and appropriate, individual parts of the company destroy specific physical records, such as paid invoices, after the expiration of six months from their repayment.
10. Rights of data subjects
In the context of existing legislation, and in particular the General Data Protection Regulation, affiliates and suppliers retain the following rights to the extent that their data are processed by ELPEN, for which they may in any case communicate with the company using the contact details listed in Article 12 hereof:
1. To inquire about the processing of their personal data by our company.
2. Have access to or request a copy thereof.
3. Apply for correction or completion of these data if they consider it to be incorrect, inaccurate or incomplete.
4. Request the deletion of their personal data. In this case, ELPEN will delete them unless there is one of the legitimate reasons under which they are entitled or required to maintain them.
5. Submission of objections to some or all of the purposes for processing their personal data or request their processing to be restricted under the legal conditions and as far as possible.
6. Revoke their consent to the collection and processing of their personal data by ELPEN, to the extent that it is the legal basis for the processing.
7. Submit a complaint to the competent supervisory authority, in this case the Personal Data Protection Authority.
11. Amendments and updates in this Privacy Notice to Partners and Suppliers
ELPEN reserves the right to modify and / or update this Privacy Statement at any time whenever deemed necessary. In the event of an update and / or substantial change to this Privacy Statement, it will be communicated accordingly to the parties concerned in the manner that our company deems most appropriate and effective, always with a view to ensuring that the partners and suppliers or / and obtaining their consent where appropriate, and the "update date" of the present will be amended accordingly.
12. Contact Details
The subject of the personal data referred to in this Privacy Statement may contact our company for any questions, comments, complaints about the present, but also about its general Data Protection Policy ELPEN, in order to exercise any of the above rights, to make a request or to request access to and / or correction of their personal information.
ELPEN PHARMACEUTICAL CO INC
95 Marathonos Avenue, 190 09, Pikermi, Greece Phone: +30 211 1865 000 Email: info@elpen.gr
Website: www.elpen.gr
Data Protection Officer (DPO)
Athena Eleftheriadou, Attorney at Law, DPO ELPEN PHARMACEUTICAL CO INC
Marathonos Avenue 95, 190 09, Pikermi, Attica, Greece
Email: dpo@elpen.gr
Phone: +30 211 1865000