PRIVACY POLICY - PHARMALYTICS

This Privacy Policy describes how Pharmalytics ("Company", "We", "Us") collects, uses, and protects the personal data of our application users ("You", "Customer"). The left column contains the legally binding text. The right column provides a short explanation ("TL;DR") in simple terms for your convenience. In case of any discrepancy, the legal text in the left column shall prevail.

Last Updated: April 7th, 2026

1. Data Controller

Legal Text (Binding)

1.1 Identity: The Data Controller for registration and service usage data is the company ONISIS Consulting IKE, headquartered at 5 Agias Glykerias, 11147 Athens, Greece, VAT: 801300567, G.E.MH: 153871503000.

1.2 Contact: For any matter concerning your personal data, you can contact our Data Protection Officer (DPO) at the email: dpo@pharmalytics.gr.

1.3 Competent Authority: For complaints regarding data protection, you may contact the Hellenic Data Protection Authority (HDPA):
  • Website: www.dpa.gr
  • Phone: +30 210 6475600
  • Address: 1-3 Kifissias Ave., 115 23 Athens, Greece.

In Plain Words (Explanation)

TL;DR
What this means:

We are ONISIS Consulting IKE, an Athens-based company, and we are responsible for the information you provide us to create an account (e.g., your email).

If you have any questions about your data, send us an email at dpo@pharmalytics.gr.

If you are not satisfied with how we handle your data, you can file a complaint with the Data Protection Authority (HDPA).

2. Data We Collect

Legal Text (Binding)

2.1 Account Data: During sign-up, we collect: Business Name, VAT Number, Address, Administrator Full Name, Email, and Contact Phone Number.

2.2 Usage Data (Logs): We collect technical data through the Microsoft Entra ID infrastructure, such as IP address, browser type, login date/time, and error logs for security purposes.

2.3 Cookies & Analytics: The Company does not use tracking cookies or third-party profiling (e.g., Google Analytics).

a) Necessary Cookies: We exclusively use technical cookies that are strictly necessary for the operation of the application (e.g., session maintenance, Entra ID security).

b) Anonymous Statistics: For traffic analysis, we use the Plausible.io service, which does not set cookies, does not collect personal data, and fully anonymizes IP addresses.

In Plain Words (Explanation)

TL;DR
What this means:

No Tracking: We don't track you. We don't have "spies" from Google or Facebook on our site.

Only the Essentials: The only cookies placed on your computer are those needed so the application doesn't log you out (Login).

Our statistics (e.g., how many people visited today) are 100% anonymous.

3. Purpose & Legal Basis for Processing

Legal Text (Binding)

3.1 Performance of Contract: Processing your data is necessary for providing the SaaS service, billing, and technical support.

3.2 Legitimate Interest: We process usage data to ensure the security of our systems (Network Security) and improve our services.

3.3 Legal Obligation: We maintain tax information (invoices) for the period required by tax legislation (AADE).

3.4 Automated Decision-Making: We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

In Plain Words (Explanation)

TL;DR
What this means:

We use your information to make Pharmalytics work, to invoice you, and to help you when you have a problem.

Also, we have to keep it for the Tax Office.

Important: We don't use "smart" systems that make decisions for you automatically.

4. Data Recipients

Legal Text (Binding)

4.1 Service Providers (Processors): We transfer data to third-party providers who support us technically, bound by confidentiality clauses. Our main infrastructure provider is Microsoft Ireland Operations Ltd (for Azure/Fabric hosting within the EU).

4.2 Authorities: We may disclose data to tax or judicial authorities if legally required.

In Plain Words (Explanation)

TL;DR
What this means:

We don't sell your emails to advertisers!

Your data is stored with Microsoft (Europe). Only if we are officially requested by a Prosecutor or the Tax Office will we give it to the state.

5. International Transfers

Legal Text (Binding)

5.1 Within the EEA: The primary storage location for data is within the European Economic Area (EEA) – specifically in Microsoft Data Centers in Europe (North Europe region).

5.2 Exceptions: In the event of a transfer outside the EEA, the Company ensures that an Adequacy Decision exists or Standard Contractual Clauses (SCCs) as defined in the DPA are signed.

In Plain Words (Explanation)

TL;DR
What this means:

Your data stays in Europe. If it ever needs to go elsewhere (rare), we will ensure it is legal and secure.

6. Data Security

Legal Text (Binding)

6.1 Measures: We apply modern technical and organizational measures, including data encryption, access control (MFA), and regular security audits.

6.2 Personnel: Access to your data is restricted to authorized Pharmalytics personnel who are bound by confidentiality agreements.

In Plain Words (Explanation)

TL;DR
What this means:

We take security seriously. We use encryption and security codes.

Only employees who *must* see your details (e.g., accounting) have access, and they have signed that they will not speak about it anywhere.

7. Your Rights

Legal Text (Binding)

7.1 List of Rights: As a data subject, you have the right to:

a) Access – to know what data we have and how we use it,

b) Rectification – to change incorrect information,

c) Erasure ("right to be forgotten") – to ask us to delete your data,

d) Restriction of processing – to limit how we use your data,

e) Portability – to receive your data in a structured format (JSON/CSV),

f) Objection – to object to processing based on legitimate interests,

g) Non-automated decision-making – not to be subject to decisions based solely on automated processing.

7.2 Exercise: You can exercise your rights by sending an email to dpo@pharmalytics.gr. We will respond within 30 days.

7.3 Right to Lodge a Complaint: You have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) if you believe your rights are being violated.

In Plain Words (Explanation)

TL;DR
What this means:

The data is yours. You can ask us to see it, correct it, or delete it whenever you want.

Send us an email and we will sort it out within a month.

If you are not happy with our response, you can complain to the Data Protection Authority.

8. Data Retention

Legal Text (Binding)

8.1 Duration: We retain account data for as long as your subscription remains active.

8.2 Upon Termination: In the event of account deletion, we retain tax data for as long as required by law (10 years) and backup data for a limited time (up to 180 days) before permanent destruction.

8.3 Retention Table: See below.

Data Retention Table

| Data Category | Retention Period | Legal Basis |
| --- | --- | --- |
| Account Details | Duration of subscription + 180 days | Performance of contract |
| Tax Data (Invoices) | 10 years | Law 4172/2013 (AADE) |
| Security Logs | 12 months | Legitimate interest (security) |
| Backups | 30 days | Technical necessity (Azure) |
| Usage Stats (Anonymous) | Indefinite | Not personal data |

In Plain Words (Explanation)

TL;DR
What this means:

We keep your information as long as you are our customer.

If you leave, we only keep what the Tax Office needs and delete the rest after 6 months (as we also stated in the Terms of Use).

9. Cookies & Tracking

Legal Text (Binding)

9.1 Cookies: The Company uses only necessary cookies that are strictly required for the operation of the application. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9.2 Cookie Policy: For more information, please refer to our Cookie Policy.

9.3 Management: You can manage cookies through your browser settings. Note that disabling necessary cookies will make it impossible to log in to the application.

In Plain Words (Explanation)

TL;DR
What this means:

We only use cookies that are absolutely necessary for the application to work (e.g., to keep you logged in).

We do not track you with advertising or analytics cookies.

You can disable cookies from your browser, but then you won't be able to enter the application.

10. Changes to the Privacy Policy

Legal Text (Binding)

10.1 Amendments: The Company reserves the right to modify this Privacy Policy. Significant changes will be announced via email or through the application at least 30 days before they take effect.

10.2 Date Update: The "Last Updated" date at the top of the page indicates when the most recent changes were made.

In Plain Words (Explanation)

TL;DR
What this means:

We can change this policy, but we will let you know one month in advance for important changes.

Check the date at the top to see when it was last updated.

Relation to Other Documents

Legal Text (Binding)

For a full understanding of data protection on our platform, please also consult:

  • Terms of Service: The rules for using the application.
  • Data Processing Agreement (DPA): Specific terms on how we manage and protect the business data (datasets) you upload to the application.
  • Cookie Policy: Detailed information about the cookies we use.

In Plain Words (Explanation)

TL;DR

Contact

Legal Text (Binding)

For any questions regarding this Privacy Policy or the protection of your data:

📧 dpo@pharmalytics.gr (Data Protection Officer)

📧 support@pharmalytics.gr (General Support)

📍 ONISIS Consulting IKE, 5 Agias Glykerias, 11147 Athens, Greece

📞 +30 210 300 1803

In Plain Words (Explanation)

TL;DR

Legal Disclaimer

The "In Plain Words" sections are provided for convenience only and have no legal effect. In the event of any dispute, the technical and binding legal text in the left column shall prevail. These documents are subject to the laws of the Hellenic Republic.
