Introduction
The company POSEIDONEIO PRIVATE POLYCLINIC IATRIKI S.A. (hereinafter referred to as "POSEIDONEIO") fully understands the importance of safeguarding the personal data it handles and has implemented appropriate technical and organizational security measures, as defined by the General Data Protection Regulation (EU) 2016/679 and national and EU legislation, in compliance with the applicable legal framework.
The personal data processed by POSEIDONEIO are collected for an absolutely explicit and specific purpose, are kept for the necessary period of time as required by law, while their processing is legal, legitimate and absolutely necessary for the purpose of processing. The way in which the data are processed is such that the confidentiality, integrity and availability of the data are preserved at all times.
The principles governing the processing of personal data are described below:
This Security Policy provides every subject who receives or is interested in receiving services from POSEIDONEIO with accurate and transparent information in a concise manner regarding the practices followed for the management and protection of personal data.
This Policy may be amended and adjusted whenever this is deemed necessary, such as, for example, a change in applicable legislation, while the current Policy appears on the POSEIDONEIO website, www.poseidoneio.gr.
Data Controller Details:
POSEIDONEIO PRIVATE POLYCLINIC IATRIKI S.A.
Agiou Alexandrou 21 & Thetidos 16, postal code 17561
VAT number: 095758389
TAX OFFICE: KEFODE ATTIKIS
Data Protection Officer contact details:
IKON Consulting IKE
Asklipiou 19, Nafplio, postal code 21100
Neapoleos 7, Maroussi, postal code 15123
Tel: 2152158153
Email: info@ikon-consulting.gr
Email Address for Contacting the Data Protection Officer: gdpr@poseidoneio.gr
Contact Person: George Economopoulos
Definitions
Personal data
Personal data is any information relating to an identified or identifiable natural person (Data Subject).
Genetic data
Genetic data are personal data relating to genetic characteristics of a natural person that are inherited or acquired, as resulting, in particular, from an analysis of a biological sample of that natural person and which provide unique information about the physiology or health of that natural person.
Biometric data
Biometric data are personal data resulting from specific technical processing associated with the physical, biological or behavioral characteristics of a natural person and which allow or confirm the unequivocal identification of that natural person.
Health-related data
Health data are personal data that relate to the physical or mental health of a natural person, including the provision of healthcare services, and that reveal information about their health status.
Special category personal data
Special categories of personal data include genetic, biometric and health-related data.
Processing of personal data
Processing means any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data controller
Data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
Processor
Processor is the natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Legal framework for personal data protection
The legal framework for the protection of personal data in the context of this Policy means the General Data Protection Regulation (GDPR) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, its implementing law 4624/2019 and any law or regulation issued in continuation or for the implementation of the above General Regulation, as well as any national law in force and applicable and concerning the processing and protection of personal data in general and in particular in the field of health services.
At POSEIDONEIO we collect and process your personal data in accordance with this notice, as well as:
Personal Data we process
During your visit to POSEIDONEIO and in order to provide health services, we process personal data as follows:
Contact information, demographic information, information related to insurance funds, medical history, family medical history, clinical symptoms, medication you are taking, habits related to your lifestyle and health and, in general, any information considered necessary in the context of conducting a medical examination.
This data is collected in the following ways:
Purpose of Processing your personal data
In accordance with the above legal framework, POSEIDONEIO collects and processes personal data of users of its services, companions of users of its services or users of its website for the purposes below and only to the extent strictly necessary for the effective service of these purposes. These data are at all times relevant, appropriate and limited to what is required in view of the purposes below, are accurate and, if necessary, are updated. POSEIDONEIO may process personal data, provided that the processing is necessary for at least one of the following legal bases, namely:
POSEIDONEIO collects the above data in order to provide health services in an optimal way. All the information and data will form part of the service user's individual file and will be kept for at least ten (10) years from the date of your last contact with POSEIDONEIO.
The information recorded in the individual file (electronically or in a physical file) is sensitive personal data and we treat it as confidential. Health professionals who are staff of POSEIDONEIO may have access to this information in order to serve the purpose of providing appropriate health services and only to the extent that the access and processing of data is directly and exclusively related to the fulfilment of their duties.
Access to your personal data is also available to the administrative staff of POSEIDONEIO, so that they can perform their administrative or financial functions, billing and service to users of the services, as well as submit the necessary data to insurance institutions in order for POSEIDONEIO to be compensated for the services provided. The health data that may come to the knowledge of the administrative staff are those absolutely necessary for the performance of the functions of POSEIDONEIO, are limited and protected as far as possible, and are always classified as confidential. All staff are bound by confidentiality and secrecy clauses. At the same time, we implement a range of technical and organisational measures to protect data, and are committed to creating a culture of protecting the confidentiality, integrity and availability of data throughout POSEIDONEIO's operations.
CV management
CV and job application information is stored until the date on which the person to whom the data relates asks us to delete it.
POSEIDONEIO may collect and process the following types of data through CVs for the purpose of future employment in our company:
Name, e-mail addresses, home and work addresses, telephone numbers, CV, employment history, including job titles and company names.
We do not seek to collect personal data revealing racial origin, political opinions, religious or philosophical beliefs or trade union membership or genetic data, biometric data for the purpose of uniquely identifying an individual, health-related data or data concerning an individual's sex life or sexual orientation.
We may share your information with third parties outside of POSEIDONEIO in the following cases:
In addition, POSEIDONEIO may, in accordance with the legal framework, transmit your simple and special category personal data to law firms, for the collection and payment of debts arising from the provision of medical and health services, for the establishment, exercise or support of legal claims.
Finally, following your positive consent, it may process your personal data for the purpose of developing, improving and promoting its services, as well as providing benefits.
Source of data
The personal data collected and processed by POSEIDONEIO are obtained as follows:
Data retention time
POSEIDONEIO is obliged to keep documents and/or electronic records for the period of time required by national legislation. In more detail:
Medical records are kept for a period of ten (10) years, as per the Code of Medical Ethics (Law 3418/2005, Government Gazette A 287/28.11.2005), regarding primary health care units.
Data serving the marketing of products or services and/or the provision of benefits are retained for a period of six months after the completion of the operation.
CVs are kept for two years.
Tax information is maintained in accordance with tax legislation.
Rights of data subjects with regard to their personal data
You have the right to exercise, in accordance with the provisions of the legal framework, the following rights:
The rights of the data subject, as described above, may not be possible to satisfy due to a legal obligation, e.g. an obligation to keep the data for ten years, while a request for erasure has been submitted.
Technical and Organisational Security Measures
POSEIDONEIO has taken the appropriate technical and organizational measures, in accordance with technological developments, in order to ensure the implementation of the legislation and the appropriate level of security of your personal data. Through appropriate training, it has developed a culture of data protection and security for all its staff and associates. It has developed and implemented appropriate security policies and procedures and the measures taken are subject to evaluation each time so that the required level of security and protection of personal data is maintained at all times. In addition, it has carefully selected and bound by a framework contract all partners and specialised laboratories that provide specialised healthcare services on its behalf,
Cookies
Our website works with cookies. You will find more information about the types, purposes and the setting of your preferences in the relevant section of the website.
Right to complain
If you have any questions about personal data legislation or wish to lodge a complaint if you believe that your rights have been violated, you can contact the competent Data Protection Authority:
1-3 Kifissia Avenue, Athens, Athens, Greece, PO Box 115 23
Tel: +30 2106475600
Email: contact@dpa.gr
In order to protect your personal data, you always have the right of recourse to the competent judicial authorities.