1. General information
2. Data Controller
For the purposes of the General Data Protection Regulation (“GDPR”) (EU) 2016/679, our company “GENIKI APIKONISTIKI S.A.”, with registered seat in Athens, Attica, Karistou str. 5, is the Data Controller.
3. Data collected and processed
- Personal information about you (e.g. your name, email address, profession, region of residence) that you provide to us, so that we can communicate with you and send you newsletters, offers, announcements and other informative material by means of direct messages (newsletter subscription form).
- Personal information about you (e.g. your name, email address, text message) that you provide to us, so that we can communicate with you and reply to your individual message or request (contact form).
- Personal information about you (e.g. your name, email address, occupation, region of residence, social security number, tax registration number) that you provide to us in our premises, so as to receive medical services and care. Personal data of special categories under article 9 of the GDPR, concerning your health and medical history, are also included. The data requested by us in our premises as part of your medical treatment are mandatory in order to provide you with the proper treatment. Accordingly, if they are not provided or are not provided correctly, we will be unable to process your request and provide the medical services requested.
4. Use of Services by Minors
Individuals under the age of sixteen (16) cannot provide us with personal data or consent to the processing of personal data. Therefore, only their legal guardians can provide consent on their behalf to the processing of personal data.
5. Purpose of processing personal data
Depending on the user’s requests, the personal data collected will be processed in accordance with the following purposes:
- To send you our newsletter, offers, announcements and other informative material, concerning the activities and services of our company.
- To reply to your request or message.
- To provide you with the medical services requested in our premises.
6. Data Retention
As far as the newsletter subscription is concerned, the personal data are retained until the withdrawal of your consent.
You are also informed that personal data that are part of your medical record are retained for at least ten years after our services are provided to you, due to a legal obligation. Certain data will also be retained for a period of at least five years due to tax law obligations.
Generally, the criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide services to you.
- Whether there is a legal obligation to which we are subject (for example, a legal obligation to keep accounting records of transactions for a certain period of time before we can delete them).
- Whether retention is advisable considering our legal position (such as for statutes of limitations, litigation or regulatory investigations).
- Withdrawal of consent.
7. Legitimate interest for processing your data
We will only process your personal data if at least one of the following conditions applies:
- You have given your consent to the processing of your personal data for one or more specific purposes e.g. subscribing to receive newsletters;
- Processing is necessary for the performance of medical services requested by you;
- Processing is necessary in order to protect your vital interests or those of another natural person e.g. in an emergency, an incident, illness or accident.
The data processing required in fulfillment of the aforementioned purposes that require the user’s consent cannot be undertaken without said consent. Likewise, in the event that the user withdraws their consent to any of the processing, this will not affect the legality of the processing carried out previously. To revoke such consent, the user may contact us through the appropriate channels, by sending us a letter to the following address: firstname.lastname@example.org. As far as the newsletter subscription is concerned, you may revoke your consent by clicking on the unsubscribe link or following the opt-out instructions included in the messages sent to you by us.
8. Transfer of personal data
We only share your personal data when this is necessary so as to provide services or to fulfill an obligation imposed by law. We may share your information with: i) our third-party partners and service providers, exclusively to the extent that is necessary for the purposes of operating and providing you with the services that you have requested; ii) professional advisors and auditors for the purpose of meeting our audit and tax responsibilities; iii) any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts, tax, regulatory or other public authorities; iv) social security organizations and insurance companies if you request to be indemnified by them for the expense of the medical services or for them to cover the cost of your examination.
When we share personal data with other organizations and third parties, we ensure that they keep them safe. Third parties are authorized to retain these data for the purposes listed above and are not allowed to use your personal data for other purposes. Such sharing or transfer of personal data will be protected by appropriate measures (e.g. appropriate contractual clauses, data processing contracts, intra-group disclosures of personal data, etc.). If the recipient operates outside the EEA, appropriate protections will be put in place to make sure your personal data remains adequately protected, including appropriate contract clauses, such as standard contract clauses approved by the European Commission. We may transfer your personal information to our data processor(s) and/or sub-processor(s) based in the EEA, for the purposes described in this policy. If we do this, your personal information will continue to be subject to appropriate safeguards set out in the law. All our data processors act on our behalf on the basis of a legal agreement and provide for the safety of your personal data.
9. Exercise of User’s Rights
The User may contact us at any time, so as to exercise his rights. The User can send us a letter to email@example.com, so as:
- To obtain confirmation about whether or not personal data concerning the User are being processed by us.
- To access their personal details.
- To rectify any inaccurate or incomplete data.
- To request the deletion of their personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
- To state or confirm revocation of consent.
- To obtain from us the limitation of data processing.
- To request the portability of data.
The User will be appropriately informed by us about his request within 30 days of receipt of the request made. Likewise, the User is informed that at any time he may file a complaint, regarding the protection of their personal data, before the competent Hellenic Data Protection Authority (www.dpa.gr).
10. Security Measures
We will process the User’s data at all times in an absolutely confidential way, maintaining the mandatory duty of secrecy with regard to the data, in accordance with the provisions set out in applicable regulations. We adopt the measures of a technical and organizational nature required to guarantee the security of data and prevent them from being altered, lost, processed or accessed illegally, depending on the state of the technology and the nature of the data.
By requesting our services, you agree to our privacy practices as set out in this privacy statement. We may change this policy from time to time. You should check this policy frequently to ensure you are aware of the most recent version.