Omnilab logo

Your Good Health is Our Main Concern

Pharmaceutical Division

Privacy Policy


On 25 May 2018, the General Data Protection Regulation (“GDPR”) came into effect in the European Union, replacing the Data Protection Directive 95/46/EC. The GDPR significantly increases the rights of individuals in relation to the protection of their personal data. It also increases the responsibilities of organizations that control and process personal data, and substantially increases the penalties for non-compliance.

We have always appreciated the importance of data privacy to both our clients and to individual data subjects. Information security and data privacy have been a key focus of ours.


Droguerie Omnilab S.A.L is a company representing leading pharmaceutical companies, duly incorporated and existing under the laws of Lebanon, duly registered before the Register of Commerce of Beirut under the number /47845/ and having its main offices at Lebanon, Beirut, Badaro Street, Omnilab Building. As part of our business, we collect information about people, companies and organizations.

The privacy and protection of personal data is important to us. This privacy statement also applies to our website.

This Privacy Statement will describe and explain our information practices and the measures we take to protect privacy and comply with applicable law and obligations. It will describe how we collect, use, share and secure the personal information provided. It will also describe choices regarding use, access and correction of personal information.


This statement covers all types of personal data that Droguerie Omnilab S.A.L holds. This may be data that we hold in our capacity as a “controller” and/or “processor”

NOTE: A ‘controller’ is an organization which determines the purposes for which personal data is to be processed. This is contrasted with ‘processors’, which process personal data on behalf of ‘controllers’, and only in accordance with the controller’s instructions.


As a global company, Droguerie Omnilab S.A.L collects personal data from many geographical regions and sources. Our policy is to comply with all legislation, using an overarching set of principles to guide us, which we set out in further detail below.

1. Notice Where it is our responsibility under applicable law, we notify individuals about the purposes for which we collect and use information about them. This includes information about how individuals can contact us with any inquiries or complaints, the types of third parties to which we disclose the information and the choices and means we offer for limiting its use and disclosure.

2. Choice Where we hold personal data as a controller, and where required by applicable law, we give individuals the opportunity to choose whether their personal data will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected. Where we hold personal data as a processor on behalf of a client, we ensure that the personal data is secure and processed in accordance with the instructions of our client.

3. Access:Where we hold personal data as a controller and where required by applicable law, we provide the ability to correct, amend access or delete personal data held about individuals where it is inaccurate. We will retain and use your information for as long as reasonably necessary for the purpose(s) for which the information was collected.

4. Security:We take reasonable organizational, technical, administrative and physical steps to protect against unauthorized access to and disclosure of personal data, which may include:

  • Security policies. Designing and supporting our products and services according to documented security policies and international standards. Regularly assessing our policy compliance and making necessary improvements to our policies and practices.
  • Employee training and responsibilities. Taking certain steps to reduce the risks of human error, theft, fraud, and misuse of our facilities. Training our personnel on our privacy and security policies. Requiring our employees to sign confidentiality agreements. Assigning to an individual the responsibility to manage our information security program.
  • Access control. Limiting access to information to only those individuals who have an authorized purpose for accessing that information. Terminating those access privileges following job change or termination.
  • Data encryption. Where applicable and required, ensuring that electronic transfers of information (including sensitive information such as your login information) are done through encrypted connections via SSL encryption and storing all data is stored on encrypted servers.
  • Review and assessment of Suppliers. Regular assessment of suppliers

No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security, you can contact us at the IT Department.

5. Data integrity We take reasonable steps to ensure that data we collect is reliable for its intended use, accurate, complete, and current. We do not process personal data in any way that is incompatible or inconsistent with the purpose for which such information was collected.

6. Enforcement Droguerie Omnilab S.A.L has committed to voluntarily and periodically reviewing our privacy and security practices to verify that we are meeting our obligations.


We may collect, use, store and transfer the following kinds of personal data:

  • Identity Data, including first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, nationality, educational records, job title, employment history, business activities, credit history, passport number, national identification number, vehicle registration number, driver’s license number, information on compliance indiscretions, details regarding whether data subjects are on watch lists or sanctions lists or are politically exposed, criminal records;
  • Contact Data including billing address, delivery address, email address and telephone numbers;
  • Financial Data including bank account, payment card details and other financial information;
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;
  • Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
  • Profile Data including your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
  • Usage Data including information about how you use our website, products and services; and
  • Marketing and Communications Data including preferences in receiving marketing from us and our third parties and your communication preferences.
  • Special Categories such as details about your race or ethnicity, religious beliefs, sex life, and information about your health



For the purposes of communication and marketing, we collect information directly through automated technologies or interactions, and from third parties.

We may be given the information directly (e.g. in the case of customer code opening, requesting marketing information, or providing us with feedback).

We also gather certain information automatically from our website and store it in log files. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.

We may also collect information from time to time through our analytics partners, advertising networks, search information providers, channel partners and organizers of events that we partner with.

The personal data we collect may be used to:

  • register customer or attendee to a webinar or other event;
  • accept, process and deliver an order for our products or services;
  • issue invoices and collect fees;
  • send notifications as part of a regular service;
  • respond to questions and concerns when ‘contact us’ form is being used;
  • improve the contents of our website and marketing efforts;
  • conduct research and analysis; and
  • display content based upon people interests

Where we process personal data to register a customer, accept his orders and deliver goods and services to him, we do so, on the basis that it is necessary to perform our obligations under contract with him. It may also be necessary to comply with certain legal obligations.

Where we process personal data for the purpose of collection of fees, we do so, on the basis that it is necessary to perform our obligations. Such processing is also necessary for our legitimate interests, in ensuring that we can recover money that is owed to us.

Where we process personal data to send notifications, respond to questions, improve the contents of our website and marketing efforts, conduct research and analysis and display content based on interests, we do so on the basis that it is necessary for our legitimate business interests. These interests include the interests of ensuring our clients receive premium service, growing our business to best satisfy changing market needs, and ensuring continual improvements to our suite of product and services.


Depending on the circumstances, our Due Diligence reports may contain some or all of the following types of information about subject individuals and companies:

  • names;
  • addresses of subjects;
  • corporate registry information detailing ownership and directorship of the company;
  • media reports including translations and summaries

In addition some reports may contain information of a sensitive nature such as:

  • Criminal records;
  • Educational background;
  • Identifying numbers such as passport, driving license or other ID which is used to confirm the identity of subjects.

Our reports may also contain our opinion and analysis the reputation of the subject company.

We process this personal data on the basis that it is necessary to perform our obligations under contract with our suppliers / customers.

For the avoidance of doubt, we will never use non-publicly available data that has been provided by a client for any purpose other than the purpose that it was given to us.


We will share personal data with third parties only in the ways that are described in this privacy policy.


In the interests of us further enhancing our services, we may share personal data collected for sales and marketing purposes with our suppliers


In the ordinary course of our business, we work closely with a trusted network of third party business partners. These business partners provide a variety of services, including:

  • information collection and analysis;
  • hosting services;
  • support, maintenance and other IT services;
  • analytics and measurement services;
  • internet and social media services;
  • recruitment services;
  • business advisory and management consulting services; and
  • marketing and advertising services

Our business partners will only process personal data in accordance with our instructions, for the purposes and the legal bases identified in this Privacy Statement.


Circumstances may arise where for strategic or other business reasons Droguerie Omnilab S.A.L acquires new licenses. Such a transaction may involve the disclosure of personal data. We will seek appropriate protection for personal data in these types of transactions.


We may disclose personal data if required to do so by law or in the good-faith belief that such action is necessary to comply with legal requirements.


We may need to transfer personal data out of the country in which it was originally collected.


The GDPR establishes certain rights of individuals in relation to their personal data. These rights (as limited under law) include:

  • the right to request access to the personal data that we hold about you;
  • the right to have us correct and update your personal data where it is inaccurate or incomplete;
  • the right to object to our processing of your personal data;
  • the right to ask us to restrict the processing of your personal data
  • the right to ask that we transfer your personal data; and
  • the right to withdraw consent to our processing of your personal data

Should you have comments or questions about this statement, you may contact: