Privacy Policy | NPLabs Compounding Pharmacy

1. Scope

This Privacy Policy applies to the public NPLabs website, including pages that link to this policy, newsletter forms, contact links, blog pages, and public-facing pharmacy information pages.

NPLabs does not sell prescription medications online. This website supports licensed pharmacy operations, including communication, prescription review, order coordination, and pharmacy services for patients and prescribers. Prescription medications require a valid prescription and are handled through appropriate licensed pharmacy processes.

The secure portal at https://admin.nplabs.online/login may have additional notices, consent screens, account terms, or privacy information for portal-specific workflows. Those notices apply in addition to this policy where relevant.

2. Who Is Responsible for Your Data

The data controller for this public website is:

N. PSATHAS & Co LP
Papanikoli Street No. 40, Chalandri, Attica 15232, Greece
VAT No. 998186880
Email: contact@nplabs.online
Telephone: +30 210 6815190

Where NPLabs acts with prescribers, service providers, portal providers, operational partners, or other healthcare participants, each party's role may depend on the specific workflow and applicable law.

3. Personal Data We May Collect

The exact data we process depends on how you use the website and what you choose to send us.

Website and device data

When you visit the website, servers and security systems may process technical data such as IP address, browser type, device information, referring pages, pages visited, timestamps, approximate location derived from network information, and security logs.

Contact and communication data

If you contact NPLabs, we may process your name, email address, telephone number, message content, patient or prescriber status if you provide it, and the records needed to respond to your request.

Newsletter data

If you subscribe to email updates, we may process your email address, consent status, subscription source, subscription date, and unsubscribe preferences.

Pharmacy and health-related data

If you voluntarily provide prescription, medical, allergy, medication, prescriber, patient, or care-coordination information through an appropriate channel, that information may include special-category health data under the GDPR. Please use the secure portal or other channel directed by NPLabs for sensitive pharmacy communications whenever possible.

Business and legal data

Where applicable, we may process billing, order-coordination, professional, regulatory, accounting, tax, audit, and legal correspondence records.

4. Why We Use Personal Data

We process personal data only where we have a lawful basis under applicable data protection law, including the GDPR and Greek Law 4624/2019 as applicable.

Purpose	Examples of Data	Legal Basis
Operate, secure, and maintain the website	IP address, device data, logs, security events, browser metadata	Legitimate interests in website operation and security; legal obligations where applicable
Respond to inquiries and pharmacy-service requests	Contact details, message content, patient or prescriber status, request history	Steps requested by you before a service relationship; legitimate interests; legal obligations where applicable
Support licensed pharmacy operations	Prescription, medication, prescriber, patient, allergy, dosage-form, order-coordination, and communication data when provided through appropriate channels	Healthcare and pharmacy-service purposes; legal obligations; explicit consent where required; establishment, exercise, or defence of legal claims where relevant
Send newsletters or educational updates	Email address, consent record, subscription source, unsubscribe preference	Consent; legitimate interests for limited service-related communications where permitted
Comply with law and professional obligations	Records needed for pharmacy, tax, accounting, audit, regulatory, dispute, and legal requirements	Legal obligations; legitimate interests; legal claims

We do not use the public website to make solely automated decisions that produce legal or similarly significant effects for you. We do not intentionally use public website data for behavioral advertising.

5. Who May Receive Personal Data

We share personal data only where appropriate for the purposes described in this policy, where required by law, or where you instruct or authorize us to do so. Recipients may include:

Authorized NPLabs personnel and pharmacy professionals involved in handling your inquiry or pharmacy-service workflow.
Prescribers, healthcare professionals, clinics, or caregivers where necessary for prescription review, clarification, care coordination, or pharmacy services.
Website hosting, email, newsletter, portal, security, IT, analytics-free performance, and support providers acting under appropriate instructions or contracts.
Courier, payment, accounting, legal, insurance, audit, and professional advisers where relevant to a legitimate service or legal purpose.
Regulators, courts, law enforcement, or public authorities where disclosure is required or permitted by law.

We do not sell personal data.

6. International Transfers

NPLabs is based in Greece. Some website, email, hosting, portal, content delivery, or support providers may process data outside Greece or outside the European Economic Area.

Where personal data is transferred outside the EEA, NPLabs relies on lawful transfer mechanisms where required, such as adequacy decisions, Standard Contractual Clauses, and supplementary safeguards appropriate to the transfer and provider.

7. How Long We Keep Personal Data

We keep personal data only for as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law.

Website security logs are kept for a reasonable period needed for security, troubleshooting, and evidence of website integrity.
Contact inquiries are kept for as long as needed to answer the request and maintain a reasonable record of the communication.
Newsletter records are kept until you unsubscribe or withdraw consent, with limited suppression records kept where needed to honor opt-out requests.
Pharmacy, prescription, health, order, accounting, tax, regulatory, and legal records are retained for the periods required or permitted under applicable Greek and EU pharmacy, healthcare, tax, accounting, professional, and limitation laws.

Where exact legal retention periods depend on the type of record, workflow, or regulated pharmacy obligation, NPLabs applies the applicable record-specific retention schedule.

8. Your Data Protection Rights

Subject to legal conditions and exceptions, you may have the right to:

Request access to your personal data.
Request correction of inaccurate or incomplete personal data.
Request erasure of personal data in certain circumstances.
Request restriction of processing in certain circumstances.
Object to processing based on legitimate interests or direct marketing.
Request data portability where the GDPR conditions apply.
Withdraw consent at any time where processing is based on consent, without affecting processing carried out before withdrawal.

We normally respond to GDPR rights requests within one month. That period may be extended where permitted by law, for example where a request is complex or multiple requests are made.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority: www.dpa.gr, Kifissias 1-3, Athens 11523, Greece, telephone +30 210 6475600, email contact@dpa.gr.

9. Security

NPLabs uses organizational and technical measures designed to protect personal data against unauthorized access, accidental loss, misuse, alteration, and disclosure. These measures may include access controls, confidentiality obligations, secure channels, provider controls, and incident-response procedures.

No website, email, or internet transmission can be guaranteed to be completely secure. Please avoid sending sensitive medical or prescription information through ordinary email or public website fields unless NPLabs has directed you to that channel.

10. Children and Caregivers

This public website is intended for adults, prescribers, patients, caregivers, and pharmacy-service stakeholders. If a parent, guardian, or caregiver communicates with NPLabs about a child or dependent patient, NPLabs may process the information needed to support the relevant pharmacy workflow and legal obligations.

11. Cookies and Similar Technologies

The public website uses limited local storage and third-party resources to operate and improve the browsing experience. Details are provided in the Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in the website, portal workflows, service providers, legal requirements, or pharmacy operations. The updated version will be posted on this page with a new "Last updated" date.

13. Contact

For privacy questions or rights requests, contact NPLabs at contact@nplabs.online or by telephone at +30 210 6815190.

This policy is a website privacy notice. It should be reviewed by qualified Greek/EU counsel before publication as the final legal position of the pharmacy, especially for DPO status, full processor lists, portal-specific notices, and record-retention schedules.