HYGEIA Group takes into serious consideration the protection of privacy of its patients, clients and visitors. That is why we strictly follow this Personal Data Protection Policy, which ensures the high level of services we offer and fully complies with the legislative framework in force. Your personal data is collected and stored for the absolutely necessary time, and for specified, explicit and legitimate purposes. It is processed fairly, lawfully and transparently, in compliance with the legal framework in effect and in a way that guarantees data integrity and confidentiality. This data is adequate, relevant, useful and not excessive in relation to the above purposes. It is also accurate and, where necessary, kept up to date.
The details of the Company you have contacted for the provision of healthcare services is as follows:
Company name: DIAGNOSTIC & THERAPEUTIC CENTER OF ATHENS “HYGEIA” SINGLE MEMBER SOCIETE ANONYME
Trading under: HYGEIA S.M.S.A.
Registered in: KIFISIAS & ERYTHROU STAVROU STREET, MAROUSI
TAX NO.: 094027767
TAX OFFICE: SA COMMERCIAL COMPANIES
The details of the Data Protection Officer for the HYGEIA Group companies are:
Dimitris Kolios
14 Fleming Street, 15123 Marousi, Greece
+30 2106867679
This Policy specifies the terms and conditions followed by HYGEIA Group for the general protection of the privacy of the patients, carers, visitors and other parties close to them, whose personal data may be processed with the aim of providing healthcare services, and of the users of www.hygeia.gr. Through this Policy we aim to inform you on how we collect, store and process your information, such as personal data provided by you or your insurer when you choose to receive healthcare services from our Group, or health information arising from the provision of our services and your online medical file.
The Company reserves the right to amend and adjust this Policy as it sees fit, while any changes are in force as soon as they are posted on the www.hygeia.gr website.
“personal data” means any information relating to an identified or identifiable natural person;
“genetic data” means personal data relating to the inherited or acquired genetic characteristics of a natural person, as arising, in particular, from an analysis of a biological sample from the natural person in question, which give unique information about the physiology or the health of that natural person;
“biometric data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person;
“data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of healthcare services, which reveals information about his or her health status;
“special category personal data” includes genetic data, biometric data and data concerning health;
“personal data processing” means any operation or set of operations which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction;
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The personal data protection legislative framework in this Policy refers to the General Data Protection Regulation (GDPR) (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and any law or regulation issued subsequently or for applying the aforementioned General Regulation, as well as any applicable national law in force on personal data protection in general, especially in the healthcare sector.
These include the following applicable laws, as amended and in force:
According to the legislative framework outlined above, HYGEIA Group collects and processes personal data of patients, patient carers or users of its companies’ websites for the following purposes, and to the extent absolutely necessary, to best serve these purposes. This data is relevant, useful and not excessive in relation to the above purposes. It is also accurate and, where necessary, kept up to date. HYGEIA Group may process personal data, provided the processing is necessary, for at least one of the following legal grounds:
a. HYGEIA Group stores and processes the simple personal data provided by you or another person on your behalf for the purpose of carrying out the agreement for provision of healthcare services, signed by you or another natural or legal person on your behalf, and/or for safeguarding your vital interests, and/or for complying with a legal obligation or interest of HYGEIA Group, and/or based on your consent. It may also transfer your personal data to private and/or public insurance companies, and/or associates/processors, and/or competent judicial, police or tax authorities within and outside the EU, in compliance with the legislative framework in force.
HYGEIA Group stores and processes special category data, i.e. medical history, medical tests and medical procedures, submitted by you or another natural or legal person on your behalf, and the medical data arising from the provision of medical services – healthcare services by HYGEIA Group for the purpose of providing medical treatment – and healthcare services based on preventive or professional medicine, medical diagnosis, the protection of your vital interests and/or your explicit consent. HYGEIA Group may transfer the data acquired for the aforementioned purposes within and outside the EU, to private or public insurance bodies, based on your legal relationship with them; a network of physician who offer independent services to our Group; and associates acting on behalf of the Company, in line with the agreements between us with the aim of providing healthcare services.
b. In compliance with the provisions of the current legislative framework, HYGEIA Group may process and transfer simple or special category patient personal data to lawyers to establish, exercise or defend legal claims, or for courts acting in their judicial capacity, to competent authorities, as well as for the purposes of legal obligations or public interest, as specified in the law. Moreover, HYGEIA Group may process and transfer simple data of a patient and/or a patient’s liable person/carer to comply with a legal obligation, as well as for the purposes of performing tasks in the public interest, and for competent police, judicial, administrative and tax authorities within the EU, following a valid request by them. It also has a legal obligation to conduct any necessary internal control into your personal data, in line within its internal procedures, as determined or specified by the law.
c.In compliance with the provisions of the legislative framework, HYGEIA Group may transfer simple and sensitive personal data to law firms for collecting or settling debts arising from the provision of medical services, so as to establish, exercise or defend legal claims.
d. Following your relevant consent, HYGEIA Group may process your personal data for the purpose of developing, improving and promoting its services, as well as for offering privileges.
HYGEIA Group is under the obligation to store documents or online files for as long as the national legislation specifies. In particular, as specified in the Code or Medical Ethics (Law 3418/2005, Government Gazette 287/A/28.11.2005), Article 14(4): “The obligation to store medical files applies for: (i) a decade from the last visit of the patient, for private practices and other private primary healthcare units, (ii) for 20 years from the last visit of the patient, in all other cases.”
Data stored for marketing promotion of products or services, and/or for the provision of privileges shall be erased in six months from the date the campaign was completed.
CVs collected by the relevant Human Resources Divisions are stored for one year and are then destroyed in line with the destruction policy adopted by HYGEIA Group for its companies.
Tax details are stored in accordance with the tax legislation.
The legislation on protection of your personal data gives you the following rights, which you may exercise free of charge in principle and based on the provisions of the legislative framework:
These rights may be restricted due to the obligation to apply another law, as for example in the case you request erasure of data, but we are under the obligation to keep it according to the law.
For any of the above or to resolve any issues as to the personal data protection legislation in force, you may contact our Group as follows:
If you believe that your personal data protection rights are being violated, you reserve the right to lodge a complaint to the Hellenic Data Protection Authority (1-3 Kifisias Avenue, 11523 Athens, Greece, Tel: +30 2106475600, Email: contact@dpa.gr).
You also have the right to file a petition to the judicial authorities responsible for your personal data protection.
HYGEIA Group has taken all the appropriate technical and organizational measures to safeguard the implementation of the legislation and the suitable security level for your personal data. It has also trained all its staff and its network of associate physicians accordingly through the Personal Data Protection Procedures, and has legally bound all its associates who act on its behalf as processors with contracts governed by the guarantees and assurances of the GDPR.
When you give us your email address, you also consent to receiving emails for advertising purposes and direct marketing of our products and/or services through our newsletter. Your email shall be used exclusively by our Group and by the associate acting on our behalf for distributing the newsletters. In any such email, we will clearly and distinctly identify ourselves and will give you the option to object and request, easily and free of charge, termination of communication and erasure of your data from the database in question.
Our website uses cookies. For further information, visit the following link on our use of cookies.