HOMEPAGE /
Privacy Policy
1.0 Introduction
MARATHON DISTRIBUTORS LIMITED incorporated and registered in the Republic of Cyprus with company registration number ΗΕ116865 whose registered office is at 35 Kilkis Avenue, Latsia, 2234 Nicosia, Cyprus (hereinafter referred to as the “Company”) is a leading pharmaceutical and healthcare logistics provider in Cyprus.
This Privacy Policy (hereinafter referred to as the “Privacy Policy”) is issued pursuant to and reflects compliance with the requirements and obligations and duties introduced by the EU General Data Protection Regulation 2016/679 (hereinafter referred to as the “GDPR”), as amended and replaced from time to time and the relevant implementing legislation, namely the Law 125(I)/2018 of the Republic of Cyprus, in relation to all processing activities carried out by the Company in respect of your Personal Data.
2.0 Scope
The Company respects individuals’ rights to privacy and the protection of Personal Data.
This Privacy Policy explains how we process personal data when you visit our website, use our online contact form or online ordering portal, communicate with us, report a product quality complaint or adverse event, do business with us as a customer or supplier, or visit our premises. Separate internal privacy notices apply to employees, job applicants and workers.
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’).
3.0 Controller of Personal Data
For the purposes of the GDPR the Company acts as data controller for the Personal Data described in this Privacy Policy. The Company is responsible for deciding the purposes of the processing, how to hold and retain the data provided and is obliged to inform you about the categories of the Personal Data it holds, your rights as well as how it will use the Personal Data.
4.0 Types of Personal Data Processed
4.1 We collect, use and process various categories of Personal Data depending on your relationship with us. We only process data that is adequate, relevant and limited to what is necessary for the purposes described in Section 6 of this Privacy Policy.
4.2 Personal Data may include:
a. Personal Data: Name, email address, phone number and other information you provide.
b. Technical Data: IP address, browser type, device information and browsing behavior on our website.
c. Customer and supplier data: contact details, delivery addresses, order history, invoicing and payment data, credit control information.
d. Pharmacovigilance (PV) and product quality data: reporter details, patient initials, age, sex, health data related to adverse events, product batch and expiry date.
e. Visiting and security data: visitor book entries, CCTV footage, access control logs.
f. Cookies: Information on how you use our website (Please refer to our Cookies Policy).
Where we are required by law or under the terms of our contract with you to collect personal data and you fail to provide this data when requested, we may be unable to perform the contract we have or are attempting to enter into with you (for example, for the provision of goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you at the time if this is the case.
5.0 How Personal Data is Collected
Your Personal Date may be collected:
a. Directly from you (e.g., contact forms, emails, telephone, PV/Quality reports, orders);
b. Automatically via cookies and logs;
c. From third parties established or located within the EEA or publicly available sources (e.g. address verification, payment processors, logistics partners);
d. During our contractual relationship with you.
It is your duty and responsibility to provide us with updates as to the Personal Data provided in order for such data to remain current, accurate and correct and you acknowledge that we rely on the Personal Data provided to us in carrying out our obligations, under the law and our contractual relationship with you.
Where you provide Personal Data of another individual, you confirm that such individual has been informed of this Privacy Policy and, where required, has provided valid consent for the processing of his/her Personal Data.
6.0 Closed-Circuit Television (CCTV) Surveillance
6.1 The Company operates a CCTV system at its premises at 35 Kilkis Avenue, Latsia, 2234 Nicosia, Cyprus, for the purpose of ensuring the security and safety of our personnel, visitors, contractors, and property.
The CCTV system records visual images only; it does not record or transmit audio, nor does it employ any biometric, facial-recognition, or behavioural-analysis technology. Cameras are installed solely in designated common areas where a legitimate expectation of monitoring exists, including building entrances, lift lobbies, and reception areas. No cameras are installed in private or sensitive spaces.
The processing of CCTV data serves the following lawful and specific purposes:
a. safeguarding life and physical integrity of persons within or around the premises;
b. protecting the Company’s assets, confidential information, and infrastructure;
c. preventing, deterring, detecting, and investigating unauthorised access, theft, vandalism, or other unlawful acts; and
d. complying with statutory or regulatory obligations requiring cooperation with competent authorities.
CCTV footage shall not be used for employee performance evaluation, disciplinary monitoring, or any purpose incompatible with the above.
6.2 Lawful Basis for Processing
Processing of personal data through CCTV is carried out on the basis of the Company’s legitimate interests pursuant to Article 6(1)(f) of the GDPR.
6.3 Access and Disclosure
Access to live or recorded CCTV footage is strictly limited to authorised personnel who require such access for legitimate operational or security purposes. Disclosure of footage to third parties shall occur only where necessary and lawful, including:
• to law-enforcement or other competent public authorities for the prevention or investigation of criminal offences;
• to insurers or legal advisers in connection with insured events or the establishment, exercise, or defense of legal claims; or
• to technical maintenance providers acting as processors under a written Data Processing Agreement in compliance with Article 28 GDPR.
All disclosures are logged, authorised in writing, and effected through encrypted or otherwise secure transfer methods. No CCTV data is shared for commercial, marketing, or non-security-related purposes.
6.4 Data Retention and Deletion
• CCTV recordings are retained for a maximum period of 15 months from the date of capture, after which they are automatically overwritten by the recording system.
• In exceptional circumstances such as where footage relates to a specific incident under investigation, the normal deletion schedule may be temporarily suspended.
• Upon expiry of the authorised period, the relevant footage shall be securely deleted or destroyed.
• No recordings are retained indefinitely.
• All CCTV data remain stored within the Republic of Cyprus. There are no international transfers of recorded footage.
• Any future transfer outside the EEA will only be effected subject to the safeguards of GDPR, such as adequacy decisions or standard contractual clauses.
6.5 Data-Subject Rights
Individuals whose images are captured by the Firm’s CCTV system may exercise their data protection rights as per Section 8 of this Privacy Policy.
7.0 Legal Basis for Processing your Personal Data
We will only collect, use, process, store, share or transfer your Personal Data where it is necessary for us to carry out our lawful business activities and provide our services. We will process your Personal Data for the purpose of or in connection with the provision of our services to you, for performance of our security, and for compliance with our legal obligations.
We process your personal data based on the following lawful bases, as defined by GDPR (Article 6 and Article 9 for health data):
7.1 Performance of a Contract – (Art. 6(1)(b))
We may process your Personal Data where it is necessary to enter into a contract with you for the provision of goods and services or to perform our obligations or duties under such contract, including order processing, delivery of products, managing accounts, customer support, supplier management, procurement, invoicing and credit control.
7.2 Legal and Regulatory Obligations – (Art. 6(1)(c) and Art. 9(2)(i)))
When you establish a business relationship with us in order to provide you with goods or services, throughout your relationship with us and after the termination of your business relationship with us, we are required by the law to collect, use, process and store certain Personal Data about you.
Processing necessary to comply with laws applicable to pharmaceutical distribution, pharmacovigilance and product quality reporting obligations, tax and accounting legislation, and regulatory compliance.
Additionally, for processing health and adverse event data required to ensure high standards of quality and safety of medicinal products.
7.3 Legitimate interests – (Art. 6(1)(f))
We may collect, process, use, and store your Personal Data where it is in our legitimate interests and without prejudicing your interests or fundamental rights and freedoms. We may process your Personal Data to manage our business, financial affairs as well as to protect our employees, clients and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. This may include processing necessary for:
• security and premises protection (CCTV, access control),
• IT security and fraud prevention,
• website functionality,
• business continuity.
7.4 Consent – (Art. 6(1)(a) / Art. 9(2)(a))
For special category of data and marketing purposes we may only collect, use, process and store Personal Data where an explicit consent has been granted.
Where processing is based on legitimate interests, you may object at any time. However, in some cases this may affect our ability to provide certain services.
You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
8.0 Your Rights
The Company takes all the appropriate measures to make sure that you are fully informed about your rights in regards with all Personal Data we collect, process, use and store.
As a data subject, you have the following rights:
Right to Access: You have the right to access your Personal Data including the records of emails and/or text message correspondence, between you and the Company, held by the Company.
Right to Rectification: You have the right to rectification of inaccurate Personal Data and to update incomplete Personal Data.
Right to Erasure: You have the right to request that your Personal Data be deleted.
Right to Restriction: You have the right to request that we restrict the processing of your Personal Data.
Right to Data Portability: You have the right to data portability and transfer of your data to another organisation.
Right to Object: You have the right to the processing of your data for direct marketing or legitimate interests.
As a result, all rights and the circumstances under which such rights may be exercised are described above. In the event that you wish to exercise any of the rights described above or if you have any queries about how we collect, use, process or store your Personal Data that are not answered in this Privacy Policy, or if you wish to complain to our Data Protection Officer, please contact us at enquiry@marathon-distributors.com or +357 22 899500.
9.0 Changes to the way we use your Personal Data
The Company reserves the right to change the way and/or the purpose of processing and use of your Personal Data. As a result, where the Company decides to process or use your Personal Data for purposes other than the purpose for which such Personal Data was initially collected, processed and used and stored, it shall provide you with all legally required information of such change including the new purpose under which such Personal Data will be used and/or processed as well as all of your rights as described in the section 8 of this Privacy Policy.
10.0 Disclosures of Personal Data
We will only use and share your Personal Data where it is necessary for us to lawfully carry out our business activities and/or provide our products and services.
Your Personal Data may be shared with and used, processed and stored by group companies and/or service providers, such as:
a. IT services to the Company, including support, date analysis, logistics, payment processing and auditors.
b. Pharmacovigilance partners, such as Marketing Authorisation Holders and their local representatives;
c. The Police, law enforcement and other government and regulatory agencies and other third parties as required under applicable law, where required;
d. Professional advisors, including legal advisors;
All third parties and providers are contractually bound to protect your data and ensure compliance with GDPR.
11.0 Retention
We retain the Personal Data processed by us for as long as we consider necessary for the purpose for which it was collected, as required and/or as required under any legal provision to which we are subject and/or for such other periods as can be lawfully justified in each case.
Pharmacovigilance records may be retained for longer periods as required under applicable medicines legislation.
After expiry of retention periods, Personal Data is securely deleted or anonymised.
12.0 Security
We have put in place appropriate technical, security and organisational measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, including access controls, encryption where appropriate, secure physical facilities and staff training.
13.0 Cookies and similar Technologies
We use essential cookies and, with your consent, analytics cookies. You can change your preferences through our cookie banner or your browser settings.
For more information, please refer to our Cookie Policy.
14.0 Right to Complain
If you wish to make a complaint, you can contact our Data Protection Officer who will investigate the matter. We expect to be fully able to address any concerns you may have directly in the first instance; however, we would like to inform you of your right to address any complaint to the Data Protection Commissioner’s Office at any time should you so wish:
Data Protection Commissioner
15 Kypranoros Street, 1061 Nicosia, Cyprus
Tel: +357 22 818456
Fax: +357 22 304565
Email: commissioner@dataprotection.gov.cy
www.dataprotection.gov.cy
15.0 Changes to this Policy
The Company reserves the right to update this Privacy Policy from time to time. If the Company changes this Privacy Policy including how we collect, process or uses clients’ personal information, the revised Privacy Policy will be uploaded on our website. Any personal information we hold will be governed by our most current Privacy Policy. If changes materially affect your rights or how we process your Personal Data, we will notify you.
We would encourage you to visit our website regularly to stay informed about the purposes of processing your Personal Data and your rights to control how we collect, use or process your Personal Data.
16.0 Contact details
If you have any questions or concerns about this Privacy Policy or how we process your personal data, please contact us:
MARATHON DISTRIBUTORS LIMITED
35 Kilkis Avenue, Latsia,
2234 Nicosia, Cyprus
Email: enquiry@marathon-distributors.com
Tel: +357 22 899500
