PERSONAL DATA PROTECTION POLICY
Name and Contact Details of Controller in accordance with GDPR Legislation:
Dermatology Clinic Karampoiki Vasiliki
The security and Protection of your Personal Data
Our dermatology clinic, with a view to the protection of personal data, informs you of the following:
A) Legislation: On 25.05.2018 the General Data Protection Regulation EC 2016/679 (hereafter “GDPR”) came into force (https://eur-lex.europa.eu/legal-content/EL/TXT/?uri=CELEX%3A32016R0679), for the protection of natural persons against the processing of personal data and for the free circulation of such data, repealing Directive 95/46/EC. The Regulation is directly applicable in all EU member states and applies, among other things, to every legal entity or business that processes personal data of natural persons. In implementation of this Regulation, Law 4624/2019 (Government Gazette A139/2019) was enacted.
B) Terminology: For the purposes herein, where the following terms occur, they shall have the following content:
i. Personal Data: Any information concerning an identified or identifiable natural person. An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identification element, identification number, location data, online identifier or one or more factors specific to the physical, genetic, psychological, economic, cultural or social identity of the natural person in question.
ii. Processing: Any operation or series of operations carried out with or without the use of automated means, on personal data or sets of personal data, the collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
iii. Controller: The natural or legal person, public authority, agency or entity that, alone or jointly with others, determines the purposes and manner of personal data processing.
iv. Processor: The natural or legal person, public authority or agency or entity that processes personal data on behalf of the controller.
v. Recipient: Any natural or legal person, public authority, service or body, to which the personal data is disclosed.
vi. Third party: Any natural or legal person, public authority, agency or body, with the exception of the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or the processor, are authorized to process personal data.
vii. Personal Data Breach: The breach of security that results in the accidental or unlawful destruction, loss, alteration, disclosure or access of personal data transmitted, stored or otherwise processed.
viii. Confidentiality: The processing of personal data in a way that guarantees their appropriate security, including their protection from unauthorized or illegal processing and accidental loss, destruction or deterioration, using appropriate technical or organizational measures.
C) What data we collect
Our Clinic, in the context of serving our purposes but also to comply with our contractual and legal obligations, collects the following data:
• the name,
• contact details, i.e. postal address, email address, mobile number, landline number
• health data related to the services provided by our practice or health data that you have disclosed to us
• information related to our financial transaction, e.g. bank card and account information, debit transactions, tax documents, etc.
• The communication between us
D) Method of collecting personal data
Our Clinic, in the context of facilitating every communication and transaction between us, collects information related to your person:
When you communicate with us in any way (e.g. in person, by phone, by written or electronic letter (email) or facsimile (fax), through the newsletter, etc.).
When you do business with us
When you submit requests to us
When you indicate that you wish to be informed about our products and services, in which case you provide us with your data in any of the above ways.
When, in order to achieve or complete a transaction and in the context of this, your data is legally transmitted to us by third parties
For persons under the age of 16, the consent of the persons exercising custody or parental care is required.
To safeguard each of our communications and transactions, your data must be up to date and accurate. Therefore, please inform us of any error, omission or change in your data.
E) Purpose of personal data processing
The collection and processing of your personal data, in accordance with the applicable legislation, takes place under the following conditions and with the following purposes:
– When you have consented to the collection and processing of your data.
– As long as this is required by provisions of the Law or in compliance with our obligations imposed by the police, administrative and judicial authorities and services
– As long as the data is necessary for the preparation and completion of each transaction between us (sales, provision of services)
– As long as the data is required to prove and/or maintain a legal relationship
– As long as it is required to fulfill our obligations
– As required for the establishment of legal claims against you or against any third party
– As long as the processing is necessary for the purposes of the legitimate interests pursued by the controller, unless these interests are overridden by your interest or fundamental rights and freedoms that require the protection of personal data
– To answer your questions or requests
– To better provide medical and/or body and face care services
– For information about our offers or the promotion of products and services, if you have accepted the latter. Your consent to this is freely revocable at any time.
– In other necessary cases for which you will be informed in time
F) Responsible for personal data processing
Vassiki Karaboiki is responsible for processing the personal data related to you.
G) The processing is carried out by specially authorized employees of our Clinic, who are committed to complying with the terms of the GDPR and Law 4629/2019.
H) Duration of keeping personal data
The personal data is kept for as long as is required in relation to the purposes described above. Immediately after the end of the period of serving the above purposes, after the end of the legal obligation to keep the data or after the end of the period within which the company’s legal claims can be raised, the data is deleted.
I) Security of personal data
Your data is safe.
– Access is limited and allowed only to persons authorized by us who work to serve the above purposes and are committed to protecting the data. The data is not communicated to third-party recipients except when this is required by law. All of the above persons are bound to comply with the rules of the GDPR and Law 4629/2019.
– Our computers are protected by a firewall and security software to prevent data leakage due to illegal access
– In the event of a breach or leak of your personal data, you will be informed about it as well as how to deal with the leak within 72 hours.
K) Your Rights
In accordance with the provisions of the law, you have the right to access your personal data, to correct or supplement them, to delete them, the right to request the restriction of processing, to prohibit it and to exercise any of your rights regarding their portability (to receive them).
You also have the right to revoke for the future any consent you have granted for the collection, retention and processing of your data.
Our Clinic examines your requests and responds to you within a month of their submission.
In any case, you have the right to turn to the competent authority either to submit complaints or to file a complaint.
You can submit your requests to the controller as indicated below.
Our Practice has the right, in accordance with the rules of the GDPR and Law 4629/2019, to refuse the restriction of processing, modification or deletion of personal data by providing you with a timely written response, even when their retention is required by contractual or legal obligations and when (and for how long) it has the right to raise claims.
IB) Controller contact details
Requests can be submitted to the data controller in the following ways:
• Telephone: 2103390235
• By email: email@example.com
• Postal: 21 Skoufa, Athens
– What are cookies & internet tags?
– For the smooth operation of websites, with the required speed
– To identify the device used to navigate the Website, the browser and/or the operating system you use in order to provide a personalized experience of browsing and/or using the Company Website
– To save your settings during a visit or between visits (such as, for example, the username you have declared, your preferred language or the use of social media) so that you avoid re-typing certain data
– To improve the performance or security of the Website
– To provide content based on your interests and needs
– To analyze how you browse and/or use the Website
– To collect personal data without your consent
– For the transmission of your data to advertising companies
– To transmit your data to third parties without your consent
The types of cookies used by our clinic website are “persistent cookies” and “session cookies”. Also, some third-party services that are enabled on the Websites, such as “social media buttons”, place their own cookies on your computer, over which the administrators of the clinic website have no control.
You can also delete cookies from your computer or device at any time. However, it is pointed out that by not accepting cookies or some of them, some of the features of a website may not be fully available.
The website of the clinic also uses “Internet tags”. This method is used to measure the response of visitors to the website. Our practice assures that through “Internet tags” and cookies, personal, identifiable information about website visitors, such as names, addresses, e-mail addresses or telephone numbers, is NOT collected or searched.
– What applies to the company’s website regarding children’s personal data?
The clinic undertakes not to process personal data from visitors/users on its website under sixteen (16) years of age, without first obtaining the consent of the person who has parental care of the child (parent or guardian), through direct communication, offline or online. The practice will ask for practical proof of the relationship of the person having parental care with the child and if this happens, you can (in accordance with the applicable law) request that the personal data of the child be deleted. The practice further undertakes that no information campaign through social media pages is directed at minors (under 18 years of age).
– What is true about links to other websites?
Our website does not contain hyperlinks to other websites.
– What is SSL Encryption?
This website uses SSL Encryption for security reasons and to protect the secure transmission of sensitive information, such as queries sent to the practice as a Website Administrator. You can recognize the encrypted connection when the address in the browser changes from http:// to https:// and the lock symbol appears in the browser bar. When SSL encryption is activated, the information you send us is not visible to third parties.