Name and Contact Details Responsible under GDPR Legislation:
Aesthetic & Reconstructive Plastic Surgery Clinic
Dr. Drimouras Georgios
38 Kapodistriou Street & Ag. Konstantinou
Phone: +30 27510 24884
Security and Protection of Your Personal Data
The Aesthetic & Reconstructive Plastic Surgery Clinic Dr. Drimouras Georgios (hereinafter referred to as the “Clinic”), considers the primary duty to respect personal data and has as a priority the security and protection of your personal data. We undertake to protect your privacy and ensure that all information you choose to provide to us during your visit to this website is collected and used in full compliance with the European Parliament’s Regulation (EU) 2016/679.
What is the purpose of this Policy?
The purpose of this Policy is to provide information on how the personal data of the persons receiving the Clinic services, are collected, stored, used and transmitted, the security measures taken by the Clinic for the protection of personal data, the reasons and the time they are stored, and the type of personal data that is collected. It concerns any transaction or set of operations carried out with or without the use of automated means on personal data or in sets of personal data such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal or association or combination, restriction, erasure or destruction. The Clinic unilaterally reserves the right to update, modify, add, change its services and this Policy from time to time, whenever it deems necessary, without prior notice, always within the applicable legal framework and in accordance with any changes in legislation on the protection of personal data. The Clinic encourages anyone interested to check this Policy at regular intervals to be informed of the changes that have taken place.
What are personal data?
Personal data is any information relating to a particular individual or person whose identity can be ascertained (e.g. name, identity number, address, etc.). Health data (physical or mental status, medical services, etc.) are included in the general term personal data but are a specific category of data. The Clinic will not process your personal data without your consent. However, the Clinic reserves the right, in exceptional circumstances, to process your personal data to the extent permitted or required by law and/or by judgments or prosecutors/orders.
How do personal data be collected?
Your personal data are collected in the following ways:
(a) you provide to us when the Clinic provides medical services to you or a person you accompany, when you contact us in order to receive you or a third party medical service, when you apply for a job at the Clinic’s office, when filling in electronic forms or sending an e-mail to inform you or use the services available on this site
(b) automatically through the browser or mobile device you use to access the web site
(c) provided by a third party partner after you have given your consent (e.g. an insurance company)
In cases where your consent is required to collect your personal information, such as receiving a newsletter on a regular basis, it is expressly requested by you and you have the right at any time to withdraw it.
Which personal data are collected?
In summary, personal data collected and further processed include:
- the name, address and general contact information (including your email address and telephone number), yours or your relatives
- health data on medical or nursing services provided by the Clinic or health data for medical services not provided by us but reported to us either by you or by third parties
- information you give us about our payment, such as bank card information
- other information arising from the use of websites and other digital platforms we use to inform you about the following services provided by the Clinic through its websites and/or your registration in one or more of these
- receive a newsletter on a regular basis
- receive emails or mail/news correspondence
- managing your medical records, if you have received services from our Clinic
- recording health data and receiving information
- asking questions related to medical tourism services
What are the principles governing the processing of personal data by the Clinic?
The Clinic processes your personal data in a manner that is legitimate for clearly defined purposes as outlined in this Policy. Your personal data processed by the Clinic is limited to what is strictly necessary to achieve these objectives, accurate and current, kept for a period determined by the purposes of these objectives, protected by adequate security measures and not transmitted to third parties that do not provide satisfactory level of protection.
Who collects personal data and for what purpose? Are they transmitted to third parties?
Personal data is collected and processed by the Clinic, for the sole purpose of providing the service. They are transmitted only to authorized third parties who are bound to maintain confidentiality when they are required to have access to the provision of such services (e.g. doctors for diagnosis purposes).
Upon your order, your personal data may be passed on to third parties (e.g. other doctor of your choice)/affiliated companies (e.g. insurance companies you have entered into).
The Clinic commits not to market your personal data by offering them for sale/renting by giving them, transferring, publishing or communicating them to third parties or otherwise using them for other purposes that may jeopardize privacy, rights or your freedom, unless required by law, a court order, an administrative act, or if it is a contractual obligation necessary for the proper operation of the websites of the Clinic and the implementation of the operations them.
Personal data may be passed on to partners or third parties, complying with the terms of this Policy and confidential, acting on behalf of the Clinic for further processing to provide services, assess and improve its functionality website, marketing purposes, data management and technical support, only after the user has been informed in advance and his/her consent is obtained. These third parties have been contractually bound by the Clinic to use personal data only for the above reasons and will not forward personal information to third parties and will not disclose it to third parties unless required by law.
How long is my personal data respected?
Your personal data is kept for as long as is required by the nature of the service provided by the Clinic that you have selected and in addition for as long as the relevant legislation sets.
What are my rights? What can I do if I have a subject processing my personal data?
You have the right at any time to ask us what your personal data we are processing, for what purpose we do, if we give it to third parties and to whom, as well as other relevant information. You also have the right to receive a free copy of your personal information at your request.
Other rights you have under the relevant privacy protection law include the right to request updating and/or correcting your data, stopping and/or limiting your processing, and deleting them from the Clinic’s systems, if there is not another statutory obligation to preserve them. You also retain the right of portability and/or to object to the processing of your personal data. In particular, with respect to the newsletter service, unsubscribe can be followed by the instructions contained in each newsletter, to stop processing personal data related to this service. You may exercise all of your above mentioned rights by submitting a written application to firstname.lastname@example.org.
The Clinic makes every effort to ensure that your requests are answered promptly and in any case within one month of receiving them. This period may be extended by a further two (2) months, if necessary, taking into account the complexity of the request and the number of requests. For this extension as well as for the reasons for the delay you will be informed within one month of receipt of the request by the Clinic. If you submit the request electronically, the response will be provided to you, if possible by electronic means, unless you request otherwise (e.g. written letter).
In any case, you can contact the Data Protection Officer of the Clinic, the Hellenic Data Protection Authority (HDPA) and/or bring legal action if you believe that your rights have been violated.
Is my data safe?
The Clinic considers the privacy of the persons to whom it processes their personal data, whether of its clients, of employees or of third parties, and makes every effort to protect them both in terms of the confidentiality of the information and of the their integrity (not to be altered, not to be accidentally destroyed, etc.). In this context, the Clinic implements an Information Security Management System, which follows the best practices of international standards of personal data protection.
The Clinic shall take all appropriate organizational and technical measures designed to protect information from loss, misuse, unauthorized access, disclosure, distortion or destruction and shall ensure the fair and lawful collection and processing of personal data as well as the their compliance with the relevant provisions of Greek, Community and International law on the protection of individuals with regard to the processing of personal data and decisions of the Hellenic Data Protection Authority (HDPA), safeguarding the privacy and confidentiality of any information brought to the attention of the Clinic. In particular, this Policy fully takes into account the provisions and articles of the European Parliament’s Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of data (General Data Protection Regulation – GDPR) and is constantly making every effort to comply with it.
Access to contact information for visitors/users of the Clinic websites is restricted to authorized confidentiality (employees, service providers) and is reasonably supposed to be aware of this information to provide products or services to visitors/users of web pages or to perform their work.
The Clinic explicitly forbids the use by staff and colleagues, cameras, video cameras, as well as the use of the functions of photography and video recording of mobile phones.
How my personal data are collected and used on the website?
The collection of personal data on this website is done in the following cases:
- when you ask to be informed about the health services provided by the Clinic through the website
- when you sign up and ask to receive emails or medical correspondence/news
- using cookies or similar technologies (see next question below for more details)
- receive a newsletter on a regular basis: an e-mail address
Personal data collected on a case-by-case basis include, but is not limited to:
- management of the medical records of patients who have received health services from the Clinic: all personal data included in the medical records, including health data, medical examination results, doctors’ reports, financial data, etc.
- registration of health data and receipt of information: medical history data, contact information (e-mail address, postal address, telephone, etc.)
- asking for healthcare related to Medical Tourism: name, age, health/medical history, contact details (e-mail address, postal address, telephone, etc.)
- tracking of smooth operation and improving the functionality and performance of web pages: internet protocol address, browsing patterns, information about using a web page, browser history, geolocation data, HTTP protocol data, etc. These data are kept in a centralized format so that users can not be identified as much as possible
The collection and processing of personal data is for the sole purpose of:
- personalized information and service delivery
- the provision of health services according to user preferences and characteristics
- communication with the user to remind you of the scheduled reception of services by the Clinic
- verifying truth and accuracy of user information to avoid and detect fraud
- the statistical analysis of the traffic and the use of the website of the Clinic
- the satisfaction of user requirements as well as direct communication for the purpose of informing about new health services in the Clinic (if users have given their consent)
Further forwarding to third party partners will be made at the request of the visitors/users themselves. User consent is explicitly requested, being informed of the purposes and legal basis for the use of personal data, and is a basic prerequisite for any processing or transmission of the user’s personal data.
What are cookies & internet tags?
Cookies are small bits of text that contain information stored in the browser of the visitor/user’s computer while browsing the site and can be removed at any time and can not access any document file on the computer.
- for the smooth operation of web pages, at the required speed
- to identify the device you use to navigate your web site, browser and/or operating system to provide a personalized experience of navigating and/or using the web pages of the Clinic’s office
- to save your settings during a visit or between visits (such as the user name you have specified, your preferred language, or using social media) to prevent you from retyping some data
- to improve the site’s performance and/or security
- to deliver content based on your interests and needs
- to analyze how you browse and/or use the website
- to collect personal data without your consent
- to transfer your data to advertising agencies
- for transferring your data to third parties without your consent
The types of cookies that the website uses are persistent cookies and session cookies. Also, some third-party services that are enabled on website, such as social media buttons, put their own cookies on your computer, whithout the control of the Clinic’s website administrators.
You can also delete cookies from the computer or device you are using whenever you want. However, it is noted that by not accepting cookies or some of them, some of the features of a website may not be fully available.
The website of the Clinic also uses internet tags. This method is used to measure the response of visitors to web pages. The Clinic assures that, through internet tags and cookies, IPs are not collected or searched for personally identifiable information about site visitors such as names, addresses, e-mail addresses or telephones.
What is applied on the Clinic’s website about children’s personal data?
The Clinic is committed not to process personal data from visitors/users of its website under the age of 16 without having previously obtained the consent of the person who has parental care of the child (parent or guardian) through direct communication, offline or via the internet. The Clinic will ask for the practical proof of the relationship of the parent with the child and if this happens, you can (according to the applicable law) ask for the child’s personal data to be deleted. The Clinic further agrees that no social networking information campaign is targeted at minors (below the age of 18).
What about links on other websites?
The website of the Clinic may contain references to hyperlinks on other websites for the content and services of which the Clinic has no responsibility nor does it guarantee their permanent and secure accessibility. The Clinic should in no case be considered as accepting or adopting the content or services of hyperlinks’ websites or that it is linked to them in any way. For any problems that arise during the use of the above websites, the sole beneficiary of this site is the sole responsibility. In the case of hyperlinks to other websites, the Clinic is not responsible for the terms of management and protection of personal data they follow. We use social media to present the work and services of the Clinic through widely used and modern channels. The use of social media on the part of the Clinic is highlighted specifically on our websites. For example, you can watch health informational videos, which are posted on our personal YouTube page and follow our Facebook, Twitter, and LinkedIn links on our websites.
The Clinic strongly encourages users to consult the respective third party policy (e.g. search engines, social media companies such as Facebook, Twitter, LinkedIn, etc.) so that they are informed of their practices in order to protect their personal data.
What is SSL encryption?
This site uses SSL encryption for security purposes and to protect the secure transmission of sensitive information, such as queries sent to the Clinic. The coded connection can be recognized when the address in the browser changes from “http://” to “https://” and the lock symbol appears in the browser bar. When SSL encoding is triggered, then the information you send to us is not visible to third parties.