Would you like to make an appointment?

Privacy Policy

PRIVACY NOTICE REGARDING THE PROCESSING OF YOUR PERSONAL DATA

  1. At the Euroclinic Group, we collect and process your personal data in accordance with this Privacy Notice, our Data Processing Policy, and in compliance with the EU Regulation 2016/679, the applicable Greek data protection legislation, the current legal framework on personal data protection as well as the Code of Medical Ethics. We also take all reasonable technical and organizational measures and precautions to protect and safeguard your personal data.
  2. Data Controller Details: Euroclinic Group of companies, (“GENIKI KLINIKI, DIAGNOSTIKO THERAPEUTIKO CHEIROURGIKO KENTRO – EUROKLINIKI ATHINON ANONYMI ETAIREIA” (“Euroclinic Athens”), located at 7-9 Athanasiadou street in Athens and registered in the Greek Chamber of Commerce under the No: 000278101000 / Tax Identification No: 094028438) or/and the Private Diagnostic Center “EUROKLINIKI – SIMEIO D.Y.O. – IDIOTIKO POLYIATREIO IATRIKI MONOPROSOPI I.K.E.” (“SIMEIO DYO – POLYIATREIO”), located at 24th Tsoha Street in Athens and registered in the Greek Chamber of Commerce under the No : 140474201000 / Tax Identification No : 800773883), Telephone number: (+30) 210.6416126, Website: www.euroclinic.gr.
  3. Legal Bases for processing your Personal Data: The legal bases for processing are, on a case-by-case basis,: a) the performance of the contract between us, the execution and the compliance with legal obligations and the exercise of Euroclinic Group’s rights as a Data Controller, according to the GDPR, Article 6, par. 1 (b), (c) and (f), b) the preventive or occupational medicine, the medical diagnosis, the provision of health care or treatment or the management of health care systems and services, according to the GDPR, Article 9, par. 2 (h), c) the purposes and the protection of the legitimate interests of the Data Controller, according to the GDPR, Article 6, par. 1 (f), d) the establishment, exercise and/or defense of legal claims and/or the defense of Euroclinic Group’s rights before Courts, Administrative, Judicial or Independent Authorities or in the context of an extrajudicial procedure, the exercise or defense of Euroclinic Group’s or third parties’ rights before any Judicial or other Authorities etc. according to the GDPR, Article 9, par. 2 (f), e) the compliance with legal obligations to which Euroclinic Group is subject, as those obligations derive from relevant law and the exercise of specific rights in the field of social security and social protection law, in accordance with the GDPR, Article 6, par. 1 (c) and Article 9, par. 2 (b), f) reasons of public interest in the area of public health, such as ensuring high standards of quality and safety of health care and of medicinal products or medical devices, in accordance with the GDPR, Article 9, par. 2 (i), g) the protection of your vital interests, if you are in a state of emergency or in a state where your life is threatened, in accordance with the GDPR, Article 9, par. 2 (c) and Article 6, par. 1 (d), h) your explicit consent, in accordance with the GDPR, Article 6, par. 1 (a) and Article 9, par. 2 (a).
  4. Collection of personal data – data categories – purpose of processing: My personal data (name, address, telephone, email, etc.) as well as my special categories of personal data (the medical file in printed and electronic form, medical data and information necessary for the provision of health services) and my genetic data and biometric data will be subject to both automated and non-automated processing by authorized Personnel for the purpose of providing medical services to me. My necessary personal data will also be used for the identification and verification of my information, for appointment arrangement/confirmation, necessary communication in order for me to receive my results, communication for re-examination under current health protocols, test preparation, patient satisfaction survey, for the legitimate interests of the Data Controller (such as the collection and payment of hospital bills and the safety of persons and goods in our facilities), the compliance with legal obligation and the establishment, exercise and/or defense of legal claims of the Data Controller, for reasons of public interest in the area of public health (such as ensuring high standards of quality and safety of health care and of medicinal products or medical devices), for reasons of management of health systems and services.
  5. Recipients of Personal Data: In the context of the provision of medical services by Data Controller, my personal data (as well as my special categories of data) as described above, will be transmitted, indicatively, to collaborating medical laboratories and diagnostic laboratories/centers and/or nursing institutions and/or other healthcare providers, specifically for examinations that are not performed by the Data Controller, or for the better provision of health services or due to my referral for further hospitalization, to suppliers of materials necessary for my medical surgeries, to collaborating call centers, to storage and archiving companies, to IT service providers and providers of specialized software and applications related to the health sector, to organizations and providers of data hosting and storage services, as well as cloud computing services and of relevant support services, to suppliers and maintenance companies for Medical equipment, as well as to referred-doctors. In the context of the purposes of the processing, my necessary personal data may also be transmitted, inter alia, to my insurance company, to public and independent authorities, to Supervisory Authorities and Organizations under the authority of the Ministry of Health, to HDIKA, to the National Public Health Organization (“EODY”), the National Organization for Medicines (“Ε.Ο.Φ.”), to KE.TE.K.N.Y. and to other authorities and organizations, to debtor information companies˙ moreover, my necessary personal data may also be transmitted, as required by the legal framework, for the purpose of execution of the contract between us and in order to safeguard Euroclinic Group’s legitimate interest regarding the collection and settlement of accounts, to financial institutions, debtor information companies, law firms. In addition, in compliance with the provisions of Article 84 of Law 4600/2019 and paragraph 1 of Article 83 of Law 4954/2022 in order to accurately update the Digital Repository of Diagnostic Laboratory Test Results with the results of laboratory diagnostic tests. In the event that the transmission of my personal data (including special categories of data) involves a recipient located in a country outside the European Union (EU) or the European Economic Area (EEA) or to an international organisation in the context of the purposes of the processing (such as, inter alia, to private or/and public insurance bodies and partners/data processors of Euroclinic Group) including, inter alia, the hosting of Euroclinic’s Group Hospital Information System on infrastructure (data centers) of hosting/storage and cloud service provider located in the United Kingdom -for which the European Commission has issued an adequacy decision according to Article 45 of the GDPR, meaning that an equivalent level of data protection is ensured as within the European Union- Euroclinic Group checks whether: 1. The European Commission has issued a relevant adequacy decision for the third country or international organisation  to which the transfer will take place, according to Article 45 of the GDPR. 2. The appropriate safeguards are observed in accordance with the existing legislation for the transmission of the said data according to Article 46 of the GDPR. Otherwise, Euroclinic Group will transmit my personal data to a third country or international organisation only if one of the special exceptions provided by the existing legislation apply (e.g. the transmission is necessary for the performance of a contract at my request, there are reasons of public interest, it is necessary to support legal claims and vital interests of the subjects, and/or based on my consent etc.).
  6. Personal Data Retention: When the processing of my personal data is imposed as an obligation by provisions of the applicable legal framework, my personal data is maintained by the Data Controller for as long as the relevant provisions impose. It is specifically stated that according to law (3418/2005, FEK Α 287/28.11.2005, Article 14), “the obligation to retain medical records applies to: a) private practices and other primary healthcare units of public sector, for a period of ten years following the last visit of the patient; and b) in any other case, for a period of twenty years following the last visit of the patient”.
  7. Data Subject Rights: Regarding my personal data, I have the option of exercising the following rights: right of access, right of rectification, right of deletion, right of limitation of processing, right of data portability and right to object, by submitting a written request in person or through your legally authorized representative at the Euroclinic Group’s premises or by sending the request by post, with your authenticated signature. Euroclinic Group will respond to your request free of charge, without delay and in any case within one month of receipt of the request, except in exceptional circumstances, when that deadline can be extended by a further two months if necessary, taking into account the complexity of the request and the number of requests. We will inform you of any extension within one month of receipt of the request, as well as of the reasons for the delay. If it is not possible to meet your request, we will notify you without delay and at the latest within one month of receipt of the request for the reasons. You have the right to terminate the complaint to the Personal Data Protection Authority: dpa.gr.
  8. Data Processing Officer Details: For any clarification regarding the processing of your personal data, please contact the Data Protection Officer of our Group: dataprivacy@euroclinic.gr.
  9. Data Processing Policy: Our Data Processing Policy (for detailed information on the processing of your personal data), as well as this Privacy Notice, are available at all points of reception of our facilities/premises, as well as on our web site www.euroclinic.gr, in which, any posted revised version, supersedes their paper version.

To review our Data Processing Policy, click here