Personal Data Protection Policy
This Personal Data Protection Policy in accordance with Article 13 of the General Data Protection Regulation of the EU 2016/679 (GCPR or GDPR), as well as the relevant Greek legislation in force, informs you of the personal data relating to you, which is collected and processed by the aforementioned specialist doctor, the legal basis for their processing, the purposes of their processing, the way they are used and protected, the possibilities and the rights you have under the above legal frame.
This Personal Data Protection Policy, which provides any person – patient – client receives or is interested in receiving services from the above – mentioned specialist doctor may be amended at regular intervals to ensure that it is always up – to – date and consistent with existing legal provisions. Please visit our website drnikosnaoum.com regularly to make sure you are aware of any changes. It will also be available at the receptionist’s facilities of the above specialist doctor premises.
- What is personal data? – Basic Definitions
I1. The term “personal data”, in accordance with Article 4§1 of the General Data Protection Policy (GDPR), refers to any information relating to an identified or identifiable individual (data subject), hereinafter referred to as “Personal Data or Data “. an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
I2. The term “processing” of personal data “in accordance with Article 4§2 of the General Data Protection Regulation of the EU 2016/679 (GDPR) refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
I3. The term “Controller” of personal data, in accordance with Article 4§7 of the General Data Protection Regulation of the EU 2016/679 (GDPR), refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
I4. The term “data processor” of personal data pursuant to Article 4§8 of the General Data Protection Regulation of the EU 2016/679 (GCPR or GDPR) refers to the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
I5. The term “consent” of the person subject to personal data pursuant to Article 4§11 of the General Data Protection Regulation of the EU 2016/679 (CPC or GDPR) refers to any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
I6. The term “data concerning health” in accordance with Article 4§15 of the General Data Protection Regulation of the EU 2016/679 (CPC or GDPR) refers to personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
- What personal data relating to you does the above specialist doctor collects?
The aforementioned specialist doctor collects and processes only those personal data related to you which are strictly necessary to serve the purpose for which they were given and are used only for that purpose and only after the above specialist doctor has received your explicit prior consent. Particularly:
1.1. Common personal data relating you:
The specialist doctor collects only those personal data relating you which may include, but are not limited to: name, surname, gender, nationality, personal / family status, age, contact details (home address, and / or mobile phone number, e-mail address), bank details and payment details, ID number and / or Social Security Number (SSN), VAT number, competent tax office. This information and data will be included in the folder/domain and / or tab that will be created in either electronic or printed form.
1.2. Health data (sensitive data):
The aforementioned specialist doctor collects personal and health data relating you which are absolutely necessary for the provision of his medical services and care and the fulfillment of his obligations (i.e. medical history) under the necessary condition that you have explicitly provided him with your prior explicit consent for both your personal data collection and the provision to you of the relevant medical services offered by specialist doctor, either for health restoring/prevention purposes and / or for aesthetic reasons. All the aforementioned personal data relating you will be included in the folder that will be created either electronically or in paper form after you visit the doctor’s facility.
1.3. Data and Contact Details:
The aforementioned specialist doctor collects your name, address, and your contact information (including your email address and your phone number (landline and / or mobile).
1.4. Necessary Information for Payment and Invoicing:
In addition, the above specialist doctor collects information relating you which are necessary for pricing and payment of his services, as well as handling payment issues, such as your VAT, ID number, bank account details and payment information (eg IBAN), etc.
1.5. State and Official Identification Numbers:
The above specialist doctor collects your tax ID, your SSN (Social Security Number), or other identification number issued by a competent state authority.
1.6. Online activity data:
The aforementioned specialist doctor also collects personal data relating you when you are using his online services and websites provided you have explicitly given your prior consent to that purpose. These personal data relating you may include your social media account ID, your IP address, and other online identifiers that you provide on-line when you are using the above website. The above stated clarifications applies only to online services and websites owned by the aforementioned specialist doctor and does not apply to information and persona data collected through any other web site or service.
1.7. The above specialist doctor states that he will not collect and process personal data relating minors without first obtaining the explicit and prior consent of the person who exercises parental care or custody of the minor.
- What is the purpose of processing your personal data?
The aforementioned specialist doctor will process your personal data for the purposes listed below:
- To fulfill his contractual obligations to you, namely the provision of medical services either for the purpose of rehabilitation and / or prevention of a health problem or for aesthetic reason, medical diagnosis and / or treatment purposes.
- To improve the quality of medical services provided to you.
- For any kind of communication with you in the context of services provision (including phone call, SMS, sending an e-mail to inform you about new services, remind, confirm appointment and / and recheck).
- To assess your qualifications and competencies you provide through CV for a job application in the premises of the above specialist doctor and for communicating with you for that purpose.
- For the general compliance of the specialist doctor with his / her legal obligations, resulting from the applicable tax, insurance, labor law, health laws and regulations, regarding the provision of his services and his general legal obligations, including his obligation to maintain a medical record (article 14 Greek Medical Ethic Code), the maintenance of a health data processing file (article 30 GDPR)
- To comply with medical procedures and court judgments in order to respond to requests from public and state agencies and authorities in the exercise of their public authority.
- To fulfill his legal interests.
- To defend his legitimate rights and claims in order to protect his legitimate interests or his associates and in order to safeguard his rights, privacy, security or property and his associates, your own legal claims or your rights, or others people.
- From where the above specialist doctor collect and process your personal data?
Your personal data is collected:
- From you, when you contact him by phone, when filling electronic forms or sending an e-mail, or any other communication you may have with him for information or make use of his services.
- Automatically through your browser or mobile device that you use to access his website. When you visit and use his website for informational purposes only, he collects only the Personal Data relating you, which your browser transmits to the server (web page) and are technically necessary for properly displaying the website to you guaranteeing stability and security. Except for any Personal Data relating to you that is collected by Cookies ( Cookies Policy here), your Personal Data collection is limited to what you have expressly provided for a specific purpose and provided you have given your explicit prior consent. Also, the above specialist doctor collects Personal Data that is relevant to you during your visit to his website provided that you have expressly consented to this, by filling in the relevant fields.
- From social media pages, other social media content, tools, and applications.
- From you, when you visit specialist doctor premises to get information about the services provided in order to be able to provide his services to you.
- Legal basis for processing your personal data
The processing of both your common personal data and your sensitive data is done in the performance of his contractual obligations to you, i.e. the provision of his services to you and is based on:
– by positive action, free, specific, explicit and fully informed consent, which you can freely revoke at any time.
– the conclusion and execution of a service contract between you and the above specialist doctor.
– upon your request when you visit his premises to receive information regarding services provided.
– the legal obligation of the specialist doctor to provide his services to you and to comply with applicable national and / or European legislation and to fulfill his legal obligations to public / state agencies and authorities.
– in his legitimate interest in the provision of his services, in the establishment, exercise or support of his legal claims.
- Time of retention of your personal data
- When the aforementioned specialist doctor provides you his medical services, either for remedying a health problem and / or for prevention purposes or for aesthetic reasons, medical diagnosis or treatment, he maintains your personal data for as long as the relevant legislation, i.e. Greek Law 3418/2015, stipulates which is a period of at least ten (10) years or twenty (20) years after your last visit,
- When the aforementioned specialist doctor must comply with a legal or regulatory obligation, he maintains your personal data for as long as it is required, in accordance with the relevant legislation in order to comply with his obligation.
- When it comes to communicating with you in general, your consent statement is kept for as long as you do not recall it.
- When it comes to filling a job position and sending a CV for a period of six (6) months from receipt.
- Technical protection measures taken by the specialist doctor to protect your personal data
When you provide your personal data to the above specialist doctor, he takes the appropriate technical and organizational measures to ensure that they are kept in safety. He updates and controls the security technology used on a sustained basis. He restricts access to the absolutely necessary personal data relating you and make them accessible only to those who need to know your data in order the specialist doctor to be able to provide you his services. In addition, he trains his associates and associate staff with regard to the importance of confidentiality, privacy and security of your personal data and bind them through austere non-disclosure clauses and agreements relating your information and personal data he collects through the provision of his services to you. Among other methods, the specialist doctor has implemented the following appropriate technical and organizational measures and procedures to protect your personal data from any loss, alteration, damage or unlawful processing:
– Use of servers located in places with classified and restricted access and subject to regular check and monitoring.
– Use of information systems and programs for computers compliant with the GDPR standards, installed in a way that minimizes the use of personal data.
-Assessment of individual procedures for the retention of personal data and safe deletion / destruction;
– Business continuity measures.
– Storing and maintaining your personal data (both common and sensitive) in electronic or printed form, in a special storage area, protected and secure, without unauthorized access.
-Coding, Encryption of data.
– Continuous adaptation and updating of the operation of its processes and systems.
- Who are the recipients of your personal data?
The processing of your personal data is done by specially licensed associate staff of the aforementioned specialist doctor through computer systems and electronic devices by external partners on behalf of the specialist doctor acting as “data processors” (including financial consultants – accountants, legal counselors, external diagnostic laboratories for conducting or confirming examinations) but who have committed themselves to the above specialist doctor under a confidentiality agreement for the protection and use of your personal data only for the purposes provided.
7.1. The specialist doctor guarantees that he will not transmit, notify, concede, etc. your personal data (except as outlined above) unless it is required by applicable law and is required to be made to public / judicial / supervisory bodies and authorities.
7.2. In each transmission of personal data on his own behalf the specialist doctor shall take all appropriate technical and organizational measures to ensure that the data transmitted are the minimum necessary and that the prerequisites for their lawful processing are met.
- Your rights
You have the following rights under the legal framework of the GDPR:
- Right to access – Right to receive information on whether data is being processed and accessed. Right to information on this processing (who, for what purpose, recipients, retention period, etc.)
- Right to rectification – Right to correct inaccurate personal data and fill in incomplete information.
- Right to erasure (‘right to be forgotten’) – Right to request the deletion of any data relating to the subject under certain conditions and to the extent that it does not conflict with any other legal provision (data that are no longer necessary, withdrawal of consent, data submitted to illegal processing).
- Right to Restrict Processing – when data accuracy is questioned, processing is illegal, data is no longer needed by the controller, the data subject opposes the automated processing.
- Right to data portability – Right to request the transfer of personal data to another Person responsible for processing in a structured, widely used and mechanically readable form, as long as this does not conflict with another prohibition of law (eg medical confidentiality)
- The right to address to the relevant data protection authority for any matter concerning its competence in relation to the above described processing of personal data relating you.
You can exercise your above rights upon submitting a written request to the above doctor, who must respond to you without charge and within 30 days from the date of filing the application.
- Consequences of non-provision of your data
In order the above specialist doctor to be able to provide you his services and perform of his contractual obligations the provision of your personal data is necessary; therefore, in the event of your refusal, for your provision of your necessary personal data, he will not be able to provide you with his services.
- How do you contact us?
You can contact us for any questions regarding the processing of your personal data by sending an email to firstname.lastname@example.org
At the premises of the aforementioned specialist doctor there is a Department for the Protection of Personal Data. For the exercise of your rights you can contact it by sending an email to email@example.com or by sending a form to the following address: 2-7 Messogion Ave., Athens 115 27, Greece / Department of Personal Data Protection.
- Publication Information – Changes and Updates