1. Introduction

This Privacy Policy (the “Policy”) has been prepared in accordance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Personal Data Processing Law of the Republic of Latvia (Fizisko personu datu apstrādes likums, in force 5 July 2018).

The Policy governs the processing of personal data carried out by SIA “PHARMAMAX” (the “Company”, “we”, “us”) in connection with the website www.pharmamax.lv and with interactions with clients, partners and suppliers in the course of B2B pharmaceutical wholesale operations.

SIA “PHARMAMAX” is a licensed pharmaceutical wholesale distributor (Wholesale Licence No. L00093, issued by Zāļu valsts aģentūra — the State Agency of Medicines of Latvia). The Company operates in compliance with EU Good Distribution Practice (GDP) requirements as set out in EU Directive 2013/C 68/01 and applicable Latvian pharmaceutical legislation.

By using our website or engaging with us, you acknowledge that you have read and understood this Policy

2. Personal Data We Collect

2.1 Data you provide voluntarily
‍
When you contact us via the website, email or other means, we may collect:
– Contact details: first name, last name, job title, company name
– Email address and telephone number–
Content of enquiries, quotation requests and business correspondence
– Billing and contractual information required to fulfil orders

2.2 Data collected automatically
‍
When you visit www.pharmamax.lv, the following data may be collected automatically:
– IP address and information about your browser and devi
ce– Pages visited on the site and time spent
– Referral source (referring URL)
– Cookies and similar tracking technologies (see Section 9)є

2.3 Data received from third parties
‍
We may obtain contact details of company representatives from publicly available professional sources (LinkedIn, trade registries, industry directories) for the purpose of B2B outreach and communication.

2.4 Obligation to provide personal data
‍
Where we ask you to provide personal data, we will indicate whether provision is mandatory or voluntary. Mandatory data is required to process your enquiry, enter into, or perform a contract with us. Failure to provide mandatory data may prevent us from responding to your request or fulfilling an order. Where provision is voluntary, not providing it will have no adverse consequences.

2.5 Special categories of data

We do not knowingly collect or process special categories of personal data (such as health, genetic, biometric, or racial data) as defined in Article 9 of the GDPR in the course of our B2B commercial operations. Our website is not directed at or intended for use by individuals under the age of 16.

3. Legal Bases and Purposes of Processing

Weprocess personal data on the following legal bases under Article 6 of the GDPR:

4. Data Retention

Weretain personal data for no longer than is necessary for the stated purposes,or as required by law.

5. Disclosure of Personal Data to Third Parties

We do not sell personal data to third parties. Disclosure is made only in the following circumstances:

5.1 Service providers (data processors)
‍
– IT and cloud service providers (hosting, CRM, email platforms)
– Accounting and auditing firms
– Logistics and courier partners for fulfilment of orders
– Legal advisers where necessary

All data processors act under a Data Processing Agreement (DPA) and may not use personal data for any purpose beyond those specified therein.

5.2 Public and regulatory authorities
‍
Personal data may be disclosed to regulatory, tax, customs, and pharmaceutical supervisory authorities (including Zāļu valsts aģentūra) when required by law or by a binding legal order.

5.3 Transfers outside the EEA

Where service providers are located outside the European Economic Area (EEA), we ensure an adequate level of data protection through Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards under Chapter V of the GDPR. Details of any such transfers are available on request.

6.Your Rights as a Data Subject

Underthe GDPR, you have the following rights with respect to your personal data:

To exercise any of these rights, please contact us at info@pharmamax.lv. We willrespond within 30 calendar days. In exceptional cases this period may beextended by a further 60 days, with prior notification.

If you believe your rights have been infringed, you have the right to lodge acomplaint with the Latvian supervisory authority:
‍
–       Data StateInspectorate (Datu valsts inspekcija — DVI)
–       Website:www.dvi.gov.lv  |  Telephone: +371 67223131  | Email: info@dvi.gov.lv

7. Data Protection Officer

SIA “PHARMAMAX” has assessed its processing activities in accordance with Article 37 of the GDPR. Based on the nature, scope, and purposes of our processing — which is limited to B2B contact and contractual data and does not involve large-scale systematic monitoring of individuals or large-scale processing of special category data — we have determined that the appointment of a Data Protection Officer is not currently mandatory.

For all data protection enquiries, please contact us directly at info@pharmamax.lv. We keep this assessment under regular review.

8. Data Security and Breach Notification

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or disclosure. These measures include:– Encryption of data in transit (SSL/TLS) and at rest
– Access controls and role-based permissions based on the principle of least privilege
– Regular software updates and security patching
– Incident response procedures and audit logging

In the event of a personal data breach, we will:
– Notify the Data State Inspectorate (DVI) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.
– Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with Article 34 of the GDPR.

9. Cookies

The website www.pharmamax.lv uses cookies in accordance with the GDPR and the ePrivacy Directive (2002/58/EC). Cookies are small text files stored on your device when you visit the site.

On your first visit, a cookie consent banner will be displayed. You may manage, update or withdraw your consent at any time via the cookie settings on the site or through your browser settings. Withdrawing consent does not affect the lawfulness of processing carried out prior to withdrawal.

A full list of cookies in use, including their names, providers, duration and purpose, is available in our Cookie Declaration accessible via the cookie settings on this website.

10. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects data subjects, as referred to in Article 22 of the GDPR. All decisions relating to B2B enquiries, orders and partnerships are made by our staff.

11. Pharmaceutical Regulatory Data

As a licensed pharmaceutical wholesaler, SIA “PHARMAMAX” is subject to EU Good Distribution Practice (GDP) requirements (EU Directive 2013/C 68/01) and applicable Latvian pharmaceutical legislation. In connection with these obligations, we process certain data relating to our business contacts, suppliers and customers for the purpose of ensuring supply chain traceability, product authenticity verification, and regulatory reporting.

Such data is processed on the legal basis of legal obligation (Art. 6(1)(c)) and retained for the minimum periods required by applicable pharmaceutical and accounting legislation. This processing does not involve the personal health data of patients.

12. Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites and recommend reviewing their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in applicable law, our business operations or the technologies we use. The current version is always available at www.pharmamax.lv. Where changes are material and affect your rights, we will notify you by email or by a prominent notice on the website prior to the changes taking effect.

14. Contact Us

For all questions regarding the processing of your personal data or the exercise of your rights, please contact us: