PERSONAL DATA PROTECTION POLICY
Athens Medical Group S.A.
Provision of Medical Services
5-7, Distomou Str., Marousi
The Company "Athens Medical Group S.A." (hereinafter referred to as the "Company") respects the privacy of natural persons and attaches great importance to the need of protecting their personal data.
This text provides concise and transparent information to any person interested in receiving medical services from any company clinic and to any user/visitor of the company websites about the practices followed for the handling and protection of personal data.
- What is the purpose of this Policy?
This Policy provides information about the way the Company collects, stores, uses and transmits the personal data of its customers, the security measures that the Company takes to protect personal data, the reasons and the time period for which they are stored, but also the type of personal data collected. It applies to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The Company reserves the right to unilaterally update, modify, expand, revise its services and this Policy, at regular intervals, without prior notice, always in accordance with the applicable laws and regulations and any amendments in the legislation on personal data protection. The Company invites the interested parties to regularly read the Policy in order to stay informed about changes.
- What is personal data?
Personal data is any information that relates to an identified or identifiable natural person, who can be identified (e.g. by reference to an identifier such as a name, an identification number, location data, etc). Any data specific to the health of a natural person (physical or mental health, medical treatment, etc.) fall under the generic term personal data but they are a special category of data. The Company will not process your personal data without your consent. However, in some exceptional cases, the Company reserves the right to process your personal information as required or authorized by law and/ or any court rulings or prosecutor's orders/ instructions.
- How are personal data collected?
Personal data are collected as follows:
(a) you provide your data when the Company offers its services to you or any other person you assist, when you address the Company in order to receive medical services yourselves or in assisting another person, when you apply for a job with us, when you fill out electronic forms or send e-mails in order to receive information or use the services available on the following company websites (the "Websites"): www.iatriko.gr, www.iatrikokentro.gr, www.paidiatriko.gr, www.iatrikofalirou.gr, www.iatrikopsychikou.gr, www.iatrikoperisteriou.gr, www.gaiamaternity.gr, www.iatrikodiavalkaniko.gr, www.medsana.ro, www.iatrikoskosmos.gr, www.athensmedicalgroup.com
(b) automatically through the browser or the mobile device you use when accessing the websites.
(c) a third party working with us provides the information with your consent (e.g. insurance company).
When you register with the services provided by the above websites, you will be asked to fill in some fields and select a user name and password. When your consent is needed for the collection of your personal data, for instance in order to subscribe to a newsletter, you will be explicitly asked to give it and you will have the right to withdraw it at any time.
- What type of personal data do we collect?
In a nutshell, the personal data we collect and further process are:
- your name, your address and your contact details in general (including e-mail address and phone number) or those of your relatives,
- health data relating to the medical and nursing services offered by the Company or health data for medical services that were not provided by us, but were reported to us by you or third parties,
- information you provide for our payment, for example bank card details,
- any other information we obtain when we use our websites and digital platforms to inform you about the following services that the Company makes available through its websites and/ or when you register for one or several of these services, i.e.:
- when you subscribe to newsletters.
- when we send you e-mails or standard mail with announcements/news.
- when you subscribe to e-journals ("IATRIKOS KOSMOS").
- when we manage your medical record, if you have already received services from the Group.
- when we record health data and receive information.
- when you ask questions about medical tourism services.
Apart from the above data that you provide to the Group, we may also collect technical information which is construed as personal data, such as the IP address (“Internet Protocol address”) of your machine (e.g. desktop, laptop, tablet, smartphone). This technical information is used to ensure the smooth operation and performance of the websites and electronic services and is not permanently stored by the Group.
For more information about the technologies used on the Group's websites (“cookies”, “internet tags” etc.) see the Company's Data Protection Policy (see Chapter 2 below).
- What are the principles followed by the Company when processing personal data?
The Company processes your personal data in a fair and lawful manner and for clearly defined purposes, which are explained in this Policy. The personal data that the Company processes are only those strictly needed to achieve its purposes, they are accurate and up-to-date, they are kept for the period of time dictated by the purpose of such processing, they are protected by adequate security measures and they are not transmitted to countries that do not provide an adequate level of protection.
- Who collects your personal data and for what purpose? Are they transmitted to third parties?
Your personal data are collected and processed by the authorized staff in the various company departments, solely for the purposes of providing the various services. They are only transmitted to authorized third parties who are bound by obligations of confidentiality when required to have access to such data in the context of the services provided (e.g. physicians who need to make a diagnosis).
Your personal data may be transmitted to third parties (e.g. a different physician of your choice) / other enterprises working with the Company (e.g. insurance companies with which you are insured).
The Company declares its commitment not to use your personal data for commercial purposes, i.e. sell/ rent by surrendering/ carrying/ disclosing or communicating them to third parties or by using them in any other way or for any other purpose which could result in a risk to your privacy, your rights or freedoms, unless prescribed by law, court ruling/ order, administrative act or if it constitutes a contractual obligation which is necessary for the smooth operation of the Company's websites and the completion of their functions.
Personal data may be transmitted for further processing to partners or third parties who comply with the terms of this Policy and are bound by obligations of confidentiality and who act on behalf of the Group in order to provide services, to evaluate and enhance the website's performance, and for marketing or other purposes related to data management and technical support, provided that the user has been informed in advance and has given his/her consent.
The above third parties are contractually bound with the Group that they will use personal data only for the above purposes and will not transmit or communicate personal information to third parties, unless prescribed by law.
- For how long are my personal data stored?
We will store your personal data for as long as required to render a service you have requested. We may store data longer if required by law.
- What are my rights? What can I do if I have an issue with the processing of my personal data?
You have the right to request information about the kind of personal data we process, the purpose of the processing, whether these data are shared with third parties and which third parties they are shared with, as well as any other information you may need in this respect at any time. You are also entitled to receive a copy of your personal data free of charge upon request. Other rights that you enjoy by virtue of the applicable legislation on data protection include the right to request the updating and/ or correction of your data, the right to stop or restrict processing and the right to request erasure from the Company systems, unless otherwise dictated by a legal obligation. You also have a right to data portability and/ or objection to the processing of your personal data.
In particular, as regards the newsletter, you have the option to unsubscribe by following the steps explained in every issue of the newsletter, so as to stop the processing of any personal data related to this service.
The Company will make every effort to reply to your requests without delay and in any case within a month from their receipt. This deadline may be extended for two more months, if necessary, depending on the complexity and the number of requests. You will be informed about the extension of the deadline and the reasons for the delay no later than a month after the Company received your request. If you file your request electronically, you will also get your reply electronically, unless you advise otherwise (e.g. by a written letter).
In any case, if your above rights were violated, you are entitled to address the competent Data Protection Authority (Hellenic Data Protection Authority) and/or exercise your right to judicial redress.
- Are my data safe?
The Company considers the privacy of the persons whose personal data it processes, customers, staff or third parties, extremely important, and makes every effort to protect their confidentiality/ secrecy and their integrity (so that they are not altered, accidentally destroyed, etc.). In this context, the Company follows an Information Security Management System which complies with the best practices set out in the international standard ISO 27001.
The Company takes all the appropriate technical and organisational measures which were designed to protect against loss, misuse, unauthorized access, disclosure, alteration or destruction of information, and ensures the fair and lawful collection and processing of personal data, as well as their secure storage, in accordance with the relevant provisions of Greek, Community and international law regarding the protection of persons from the processing of their personal data, and the relevant decisions of the Hellenic Data Protection Authority, so as to ensure the secrecy and confidentiality of any information it acquires. In particular, this Policy takes into consideration the provisions and articles of Regulation (EU) 2016/679 of the European Parliament with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation” – “GDPR”) and does not cease to apply any possible means to comply with it.
Access to the contact details of the visitors/ users of the Company's websites is limited to authorized persons bound by confidentiality obligations (staff, service providers), who are reasonably required to know such data in order to supply their products or services to the visitors/ users of the Website or in order to perform their tasks.
The Company staff and suppliers are expressly prohibited from using cameras or mobile phones for photography or video recording in the Company premises.
- How are my data collected and used by the Websites?
Personal data collection is performed by the Company's websites in the following cases:
- When you request information about the health services available through the Company's websites.
- When you subscribe to an e-mail or news service provided by the Company.
- When you subscribe to use the services available on the Company's Websites.
- When you subscribe to e-journals ("IATRIKOS KOSMOS").
- When you voluntarily participate in the health services and programmes provided by the Company.
- When you use “Cookies” or similar technologies (see the next question for more details).
The individual personal data collected are, among others:
- When you subscribe to newsletters: e-mail address.
- When we manage your medical record, if you have already received services from the Group: all personal data contained in the medical record, including health data, medical test results, medical reports, financial details, etc.
- When we record health data and receive information: Medical history details, contact details (e-mail address, postal address, phone number, etc.).
- When you ask questions about medical tourism services: first and last name, health data/ medical history, contact details (e-mail address, postal address, phone number, etc.).
- When we monitor the smooth operation and enhance the functions and performance of the Websites: IP address (“Internet Protocol address”), browsing patterns, information regarding the use of the Websites, browser history, geolocation, HTTP protocol and other data. These data are stored as a block, so as to avoid user identification as much as possible.
Personal data is collected and processed strictly to ensure:
- an individualized approach in the provision of information and services.
- the provision of health services according to the user's preferences and characteristics.
- a statistical analysis of the number of visits and the use of the Group's websites.
- user satisfaction and direct contact in order to inform about new health services provided by the Group (if users have given their consent).
Further transmission to third parties and associated institutions will be possible only upon request by the visitor/ user. The user's informed consent is expressly requested following a notice on the purposes and the legal grounds for the use of personal data and it is a fundamental requirement before any processing or transmission of the user's personal data happens.
- What are Cookies & internet tags?
- To allow websites to operate properly and at the required speed.
- to recognise the device that you use to navigate the Websites and the browser and/ or the operating system that you use, in order to create a personalized web experience when browsing and/ or using the Company's websites.
- to maintain your settings within a session or across several sessions (for example your user name, your language preferences or your preferred social media), so that you don't have to re-enter data.
- to improve website performance and/ or security.
- to provide content according to your preferences and needs.
- to analyse the way you browse and/ or use the websites.
- For personal data collection without your consent.
- For transmission of your data to advertisers.
- For transmission of your data to third parties without your consent.
The types of cookies used by the Company's websites are “persistent cookies” and “session cookies”. In addition, some third-party services which have been activated on the Websites, such as “social media buttons”, place their own cookies on your computer, which cannot be controlled by the website administrators of the Company.
The session cookies used by the Company's websites are automatically removed as soon as your session has ended and/or when you close your browser. Persistent cookies remain on your computer or other device until you delete them or until a cookie-specific period of time has elapsed.
You can remove cookies from your computer or any device that you use whenever you wish. However, it should be noted that by not accepting cookies or blocking some of them you will probably not have all the characteristics of the website fully available.
The Company's websites also use “internet tags”. This is a method to measure the way users respond to webpages.
The Company declares that the information it collects or searches through “internet tags” and cookies is NOT related to any personal, identifiable data of the website visitors, such as names, addresses, e-mail addresses and phone numbers.
- What is the website policy of the Company as regards the personal data of children?
The Company declares its commitment not to use the personal data of visitors/ users under the age of sixteen (16) years, without the prior consent of the person who has parental responsibility for the child (parent or guardian), by direct contact, offline or online.
- What about “links” to other websites?
The Company’s websites may include references to other websites through hyperlinks. The Company is not to be held liable for the content and services they provide nor can it guarantee continuous and safe access. Under no circumstances shall the Company be considered to have accepted or adopted the content or the services of the websites referenced through the hyperlinks, nor to be related to them in any way. The owner of such websites is the only one responsible for any problem that may occur while you are using them. As regards hyperlinks to other websites, the Company is not responsible for the terms on personal data management and protection that they follow.
We use social media to show the Company’s work and services through widely used modern channels. The use of social media is specifically indicated on our Websites. For example, you may watch informative videos on the health professionals working in the Company’s clinics, which we upload on the Company’s “YouTube” channel and you can follow (from our webpages) our links to Twitter and LinkedIn.
The Company urges the users to consult the respective policies of third party providers (e.g. “search engines”, “social media” such as Facebook, LinkedIn, Twitter etc.) in order to be informed about the practices they follow on personal data protection.
The Company’s Website may contain material with an advertising/ informative content, purpose and character. The Company has no responsibility against the visitor/ user or any other third party for any illegal acts or omissions, inaccuracies or failure to comply with the laws and regulations of any country or of the European Union with regard to the content of such information. The Company is not obliged to examine and does not examine whether the information provided by these websites is lawful or not and cannot be held liable in any way. Such liability lies with the advertised entities, the sponsors and the creators of the advertising material.