Privacy Notice
- At the Euroclinic Group, we collect and process your personal data in accordance with this Privacy Notice, our Data Processing Policy, and in compliance with the EU Regulation 2016/679, the applicable Greek data protection legislation, the current legal framework on personal data protection as well as the Code of Medical Ethics. We also take all reasonable technical and organizational measures and precautions to protect and safeguard your personal data.
- Data Controller Details: Euroclinic Group of companies, (“Euroclinic Athens”, located at 7-9 Athanasiadou street in Athens and registered in the Greek Chamber of Commerce under the No: 000278101000 / VAT No: 094028438) or/and the Private Diagnostic Center (“SIMEIO DYO – POLYIATREIO”, located at 24th Tsoha Street in Athens and registered in the Greek Chamber of Commerce under the No :: 140474201000 / VAT No : 800773883).
- Legal Bases for processing your Personal Data: The legal bases for processing are, on a case-by-case basis,: a) the performance of the contract between us, the execution and the compliance with legal obligations and the exercise of Euroclinic Group’s rights as a Data Controller, according to the GDPR, Article 6, par. 1 (b), (c) and (f), b) the preventive or occupational medicine, the medical diagnosis, the provision of health care or treatment or the management of health care systems and services, according to the GDPR, Article 9, par. 2 (h), c) the purposes and the protection of the legitimate interests of the Data Controller, according to the GDPR, Article 6, par. 1 (f), d) the establishment, exercise and/or defense of legal claims and/or the defense of Euroclinic Group’s rights before Courts, Administrative, Judicial or Independent Authorities or in the context of an extrajudicial procedure, the exercise or defense of Euroclinic Group’s or third parties’ rights before any Judicial or other Authorities etc. according to the GDPR, Article 9, par. 2 (f), e) the compliance with legal obligations to which Euroclinic Group is subject, as those obligations derive from relevant law and the exercise of specific rights in the field of social security and social protection law, in accordance with the GDPR, Article 6, par. 1 (c) and Article 9, par. 2 (b), f) reasons of public interest in the area of public health, such as ensuring high standards of quality and safety of health care and of medicinal products or medical devices, in accordance with the GDPR, Article 9, par. 2 (i).
- Collection of personal data – data categories – purpose of processing: My personal data (name, address, telephone, email, etc.) as well as my special categories of personal data (the medical file in printed and electronic form, medical data and information necessary for the provision of health services) will be subject to both automated and non-automated processing by authorized Personnel for the purpose of providing medical services to me. My necessary personal data will also be used for appointment arrangement/confirmation, necessary communication in order for me to receive my results, communication for re-examination under current health protocols, test preparation, patient satisfaction survey, for the legitimate interests of the Data Controller (such as the collection and payment of hospital bills and the safety of persons and goods in our facilities), the compliance with legal obligation and the establishment, exercise and/or defense of legal claims of the Data Controller, for reasons of public interest in the area of public health (such as ensuring high standards of quality and safety of health care and of medicinal products or medical devices), for reasons of management of health systems and services.
- Recipients of Personal Data: In the context of the provision of medical services by Data Controller, my personal data (as well as my special categories of data) as described above, will be transmitted, indicatively, to collaborating laboratories and/or nursing institutions and/or other healthcare providers, specifically for examinations that are not performed by the Data Controller, or for the better provision of health services or due to my referral for further hospitalization, to suppliers of materials necessary for my medical surgeries, to collaborating call centers, to storage and archiving companies, to IT service providers, to suppliers and maintenance companies for Medical equipment, as well as to referred-doctors. In the context of the purposes of the processing, my necessary personal data may also be transmitted, inter alia, to my insurance company, to public and independent authorities, to Supervisory Authorities and Organizations under the authority of the Ministry of Health, to HDIKA, to KE.TE.K.N.Y. and to other authorities and organizations, to debtor information companies.
- Personal Data Retention: The Data Controller is obliged by law (3418/2005, FEK Α 287/28.11.2005, Article 14) to keep your personal data for twenty (20) years, starting from your last visit to our hospital.
- Data Subject Rights: Regarding my personal data, I have the option of exercising the following rights: right of access, right of rectification, right of deletion, right of limitation of processing, right of data portability and right to object, by submitting a written request in person or through your legally authorized representative at the Euroclinic Group’s premises or by sending the request by post, with your authenticated signature. Euroclinic Group will respond to your request free of charge, without delay and in any case within one month of receipt of the request, except in exceptional circumstances, when that deadline can be extended by a further two months if necessary, taking into account the complexity of the request and the number of requests. We will inform you of any extension within one month of receipt of the request, as well as of the reasons for the delay. If it is not possible to meet your request, we will notify you without delay and at the latest within one month of receipt of the request for the reasons. You have the right to terminate the complaint to the Personal Data Protection Authority: dpa.gr.
- Data Processing Officer Details: For any clarification regarding the processing of your personal data, please contact the Data Protection Officer of our Group: dataprivacy@euroclinic.gr.
- Data Processing Policy: Our Data Processing Policy (for detailed information on the processing of your personal data), as well as this Privacy Notice, are available at all points of reception of our facilities/premises, as well as on our web site www.euroclinic.gr, in which, any posted revised version, supersedes their paper version.
To review our Data Processing Policy, click here