Introduction

Τhe Data Controller of your personal data is  BADEKAS-TAΚVORIAN Medical Services  Ltd at Lazaraki Andrea 10, 16675 Glyfada, TIN: 997959188, e-mail: mariatakvorian@gmail.com . 

In our everyday activities we process data concerning individuals, mainly:

• Patients
• Web site visitors
• Patient carers, Personnel, Vendors, Partners

The clinic complies with the General Data Protection Regulation (2016/679 E.U. GDPR) and all other European and national legislation (i.e. Law 4624/2019) concerning the protection of personal data, the code of medical ethics, electronic communications etc. and commits to safeguard your data at any time:

• The data is collected for specific, explicit and lawful purposes and is not further processed in a way incompatible with our purposes.
• We collect the necessary, for all purposes of processing, personal data and process it lawfully, fairly and transparently in relation to the data subjects.
• We ensure that your data are as accurate and up to date as possible and we retain them only for the time necessary for the purposes for which they are collected.
• In all cases, the criterion we use to determine ther storage period is based on and takes due account of the need to comply with any relevant legal requirement and the principle of data minimization.

We process the data electronically and manually and take all appropriate measures to protect personal data against unauthorized or unlawful processing as well as against accidental loss, destruction or damage, using appropriate technical and organizational measures.

Purpose, legal basis of processing and retention time of your data

• Data we collect automatically through our website

The  web sites www.podi.gr ,  www.orthorehab.gr use the SSL (Secure Sockets Layer)     Protocol which encrypts the data  exchanged between two devices (most commonly electronic Computers) by establishing a secure connection between them via the Internet, which results in the protection of your personal data.

When you visit our website, our server collects the so-called log files, namely:

• Internet protocol address when you sign into the site. The IP address is personal data along with the date and time of your visit, although we cannot only track you with this data.
• Date and time of entry to the site.
• The volume of data sent in bytes.
• The browser and operating system you used to sign-in.
• Other information about websites you’ve visited and information you’ve searched for.

The legal basis for which we collect your data and retain it in special files (log files) is our legitimate interest in ensuring the security of networks, information and services from accidental events or illegal  and  malicious actions that may affect the availability, authenticity, integrity and confidentiality of stored or transmitted data (e.g. control of DDoS attacks ” Denial of service”), as well as our legal obligation to provide a more secure environment for the processing of your personal data. The data will not be transferred or used in any other way  and will be deleted in approximately one week. However, we reserve the right to check the server logs if specific Indications of unauthorized use.

• Patients’ Data

When you visit our Clinic, we collect your personal data such as full name, middle name, e-mail, postal address, gender, age, profession, address, medical history, visits history, exams results and any other information related to the provision of medical services to you.

Your data, such as name, phone number and other information you wish to provide, may also be obtained from our service providers offering appointment services. These service providers share your information to us, in order to manage your appointment.

The purpose of the processing of your data is to provide you with the requested medical services as well as the referral to a hospital. Legal basis for the processing of the performance of the contract between us, as well as our compliance with legal obligations such as those arising from the Code of Medical Ethics.

The retention period of your data is the required by law (10 years according to the Code of Medical Ethics) possibly longer if legal claims arise.

• Data we collect by email

In the context of communication between us by email, we collect your name, email address and any other information you provide to us. This data is stored and used exclusively to respond to your request. The legal basis for the processing of your personal data is your consent. Your data will be deleted after the final processing of our communication. This will happen after the completion of the purpose and scope of our communication, provided that there are no legal requirements for storing such data.

• Registration and sending of our newsletter

With your consent we will collect your e-mail in order to send you our newsletter with the news of our medical services  and articles that you may find interesting. The legal basis for processing is your consent and you have the right to revoke it at any time.

• Pages in Social Media Σελίδα στο Facebook και στο Instagram

We have pages on Social Media. You can contact us through our pages in Social Media in order to receive more information about our services using the “Send Message” or other similar option. In order to respond to your relevant inquiries, we process your username in the social media and your communication data; we may also have access to other information that is publicly available through your Profile. The sending of a message for the purpose of communicating with us implies your consent to the processing of your data. 

We take all security measures (technical and organizational) to ensure the security of data processing through social media, such as the limitation of individuals who have access to account management.  We are not responsible for the way or means that the social networking platforms process your data, and we recommend you visit their own Privacy Policy.

• Vendors’ data

In order to perform the contract between us we collect the data that our suppliers provide, such as name, address, contact details, shipping details, TIN, bank account numbers etc. The legal basis for the Processing of your data is the execution of a contract as well as our compliance with tax and other legal obligations. We maintain your data for up to twelve years from the last provision of services, or as long as required by the tax and any other relevant legislation.

Who has access to your data?  Data Transfers

Your data is processed electronically and manually in accordance with the procedures and practices related to the above purposes and is only accessible by our authorized personnel that processes personal data for the performance of their duties and is bound by a confidentiality agreement.

Your data may be disclosed to entities who provide us with external professional services (such as medical exams, accounting, auditing, consulting, legal Services, website hosting & services) that will act as Data Processors who have been authorized to process personal data on our behalf, with the same restrictions and in accordance with the applicable law. The above recipients receive only the necessary data for the respective services that they provide us and process your data only for the purposes stated above and in accordance with the data protection laws.

In case you need to be hospitalized with our mediation and care, we will provide the hospital with the data necessary to book your position. The legal basis for such processing is your consent.

Where appropriate, such individuals/legal entities shall act as Joint or Independent Controllers, Processors or persons authorized to process personal data for the same purposes mentioned above, with the same security measures and in accordance with applicable legal obligations.

Finally, the data may be further disclosed to public authorities and institutions, as well as to our legal supporters (legal and insurance companies) for legitimate purposes.

Apart to the above, the data will not be disclosed to third parties, individuals or legal entities and will not be disseminated.

Our clinic does not transfer personal data outside the EU, and if necessary (for example, in order to use Cloud services) this will be done under the terms and conditions set out in articles 44 and following of the GDPR, as with your consent, the implementation of standard contractual clauses approved by the European Commission or in countries considered safe by the European Commission.

Minors’ Data

When we need to process minor’s data  (according to the GDPR, of those who have not reached the age of 15 years),  are processed only with the written and expressly expressed consent of persons who have parental responsibility for the minor.  In any case, we make reasonable efforts to verify that consent is granted or approved by the person who actually has parental responsibility for the minor.

Cookies and related technologies

Like most websites, we use cookies and similar technologies when you access and browse our website in order to make your visit as comfortable and effective as possible.

Cookies are small text files that are stored on the hard disk of the computer or other electronic device with which the user accesses the site. Cookies are unique to each Web browser (e.g. Google Chrome, Mozilla Firefox, Internet Explorer, Opera, etc.) and contain anonymized information relating to the websites you visit and the devices You are using.

Types of cookies we use:

1. A) technical and Functionality Cookies (required)

These cookies are responsible for basic functionality of our website and application. They are necessary for you to browse our website and to access the various sections of this site. The provision of the website’s basic Web services is not possible without these cookies.

1. b) statistical Analysis and performance Cookies

These cookies collect information about how you use our website, such as the site from which your visit originated, the pages you visit most often, the browser you used, etc. We use them for the purpose of analyzing traffic and improving the performance of our website. They collect aggregated, anonymous statistical information that cannot lead to the visitor’s identification.

About the Google Analytics service

We use the Google Analytics service to record traffic and improve our website. Google Analytics uses Cookies to store certain information, such as the length of the visit to the website, the browser used, the location from which the visit originated, as well as frequency of visits. In order to access this data, we allow Google Analytics to place cookies on the hard disk of the computer or any electronic device of the visitor. The Google Analytics service is owned  by Google Inc. More information about your data processing policy by Google can be found here, and for the use of cookies within the Analytics service, here. Technical information about Google Analytics cookies is available  here.

You have the option to block your data collection through Google Analytics altogether by installing the add-on in your browser:

https://tools.google.com/dlpage/gaoptout

1. c) Commercial promotion/targeted advertising Cookies

We use cookies (usually third parties’,  such as Google) to display personalized advertisements tailored to your preferences. A unique ID identifies information such as your IP address, Your browser, which ad has already been viewed in your browser, and whether you’ve accessed a webpage through an ad or what geographic location your visit comes from. You have the option to reject the installation of these cookies, so that ads that you are shown are not personalized.

Cookie Management

You may decide to accept all or part of the cookies when you visit to our website. You may also set up your browser in a way that you are informed about the setting of cookies and decide to accept or block them. Each browser differs depending on how it manages cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. Follow the links below depending on the browser you are using:

Internet Explorer

Firefox

Chrome

Safari

Opera

Please note that you need to adjust the settings separately in each browser and on each device you use. We also inform you that any limitation of cookies will prevent you from fully using some of our services and will not allow us to improve and personalize your navigation on our website.

You can find more information about cookies on www.allaboutcookies. org  and  www.youronlinechoices.eu.

Alternatively, you may disable the use of third-party Cookies via the relevant  Network Advertising Initiative service.

See here  in detail the cookies we use.

Rights of the Data Subjects

You may contact us any time, by sending mail or e-mail to the addresses mentioned at the introduction paragraph in order  to exercise  your rights:

• Right of access and information, i.e. to inform you whether the personal data relating to you or your children are processed, to request copies of such data, where the data is located etc.,
• Right to rectification of inaccurate and incomplete data
• Right to erasure of data (only when permitted by law and when technically possible) and/or restriction of processing
• Right to object (e.g. to sending informative correspondence).
• The right to withdraw consent, which does not affect the lawfulness of the processing until the revocation.

Likewise, you can always report comments and submit complaints to the Greek Data Protection Authority, Kifisias 1-3, GR 115 23, Athens, call center: + 30-210 6475600, or to www.dpa.gr