Privacy and Data Retention Policy
1. Purpose

This policy outlines how Lean Pharma Services (LPS) collects, uses, stores, and retains personal data via its website, in compliance with GDPR, ISO 9001, ISO 27000, and GxP guidelines.

2. Scope

Applies to all website visitors, users submitting personal data through forms, and any digital interactions with the Lean Pharma Services website.

3. Data Controller

Lean Pharma Services SMPC
Email: info@leanpharmaservices.com
Registered address: Emmanouel Pappa 27, 263 32 - Patras, Greece

Data Protection Officer (DPO):
Nikos Tsokanas
Email: privacy@leanpharmaservices.com

4. Data Collection

We collect personal data that you voluntarily provide through:
  • Contact, job application, or subscription forms
  • Event registration forms
  • Cookies and website analytics tools
Collected data may include:
  • Name, email, job title, and company
  • Phone number, IP address, device/browser info
  • Message content and communication history

5. Legal Basis for Processing

Your personal data is processed based on:
  • Consent - freely given by form submission
  • Contractual necessity - e.g. service inquiries
  • Legal obligation - e.g. pharmacovigilance or regulatory requirements
  • Legitimate interests - e.g. ensuring website functionality and security

6. Use of Data

Your data is used for:
  • Responding to your queries
  • Providing CRO services and regulatory communications
  • Improving our website and user experience
  • Fulfilling legal and GxP obligations
We do not use your data for profiling or automated decision-making.

7. Data Subject Rights

Under the GDPR, you have the right to:
  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Withdraw consent at any time
  • Port your data (where applicable)
  • Lodge a complaint with your national supervisory authority
To exercise these rights, please contact our DPO at: privacy@leanpharmaservices.com

8. Data Retention

Data is retained only as long as necessary for the purpose it was collected, in accordance with:
  • ISO 9001 document control and quality management requirements
  • ISO 27000 information security and risk-based controls
  • GxP guidance on data integrity and traceability
Retention timelines:
  • Contact and inquiry data: 3 years from last interaction
  • Job applicant data: 1 year from submission
  • Client service data: minimum 10 years, or longer where required by regulatory authorities
Upon expiration of retention periods, data is securely deleted or anonymized.

9. Data Security

We implement technical and organizational measures aligned with ISO 27000, including:
  • Encrypted data transfers
  • User access control and authentication
  • Regular audits and vulnerability assessments
  • System backup and disaster recovery processes

10. Third-Party Access & Transfers

We do not sell or rent your data. Data may be shared with:
  • IT service providers and subcontractors under data processing agreements
  • Regulatory authorities if legally required
  • Cloud platforms or analytics tools, with GDPR-compliant safeguards in place
We avoid international transfers unless using appropriate mechanisms such as Standard Contractual Clauses (SCCs).

11. Cookies

Our website uses:
  • Essential cookies - for functionality
  • Analytical cookies - to improve services (e.g., Google Analytics)
You can manage cookie preferences via the cookie banner and browser settings.

12. Policy Review

This policy is reviewed annually or upon regulatory, technical, or organizational changes.

Last updated: 01-Apr-2025
Next review due: 31-Mar-2026