Privacy Policy
PRIVACY AND PROTECTION OF PERSONAL DATA POLICY
1. The Controller responsible for processing your personal data is the company or sole proprietorship under the name "Thomas Siempis" ("the Practice"), located at Mitropoleos Street No. 110, Postal Code 54621, Thessaloniki and is legally represented, with telephone center 2313 022 975 and contact e-mail info@drsiempis.com
2. General principles observed by the Practice when processing data
2.1. If you exercise any of your three (3) legal rights below, the Practice will respond to you, in accordance with the prescribed internal procedure it follows, within one (1) month of receiving the request or in case of objective difficulty, complexity of the request or volume of requests . Requests are submitted in writing to the email address info@drsiempis.com. The Practice will respond within a maximum period of three (3) months, regarding your request, either by processing it or by justifying the refusal to execute it for legal reasons, which are expressly specified in the General Data Protection Regulation (EU) 2016/679 – GDPR, (“Regulation”) and national legislation.
2.2. In the event that the Practice considers that any of your rights that are being exercised are unfounded or the request is excessive or repetitive, it is entitled to refuse to proceed with the request.
2.4. In case you believe that your rights have been violated, you have the right to file a complaint with the competent supervisory authority, (Personal Data Protection Authority, "APDPH", Athens Kifisias 1-3, P.O. 115 23, Athens, contact @dpa.gr, +30-210 6475600).
3. Your Rights in relation to the processing of your personal data
3.1. Right to Information
You reserve the right to be informed about the personal data you have provided to us and we retain for one or more of the purposes described below.
3.2. Right of Access
You retain the right to request from the Practice access to your personal data and more specifically information regarding the purposes of processing, the categories of personal data, the categories of recipients, the period of time for their retention and processing, the existence of the right to complain to the Data Protection Authority as well as a copy of personal data held and processed.
3.3. Right of Correction
You reserve the right to request from the Practice the correction of your data in the event that any element of which we have the right to process has changed or has been entered incorrectly or incompletely.
3.4. Right to Erasure
You retain the right to request from the Practice complete or partial deletion of your data, which we have the right to keep and process, either because they are no longer necessary to fulfill the purposes for which they were collected, or because you revoke your consent, or because the data was collected for a purpose that you consider unlawful.
3.5. Right of Limitation
You retain the right to request from the Practice a limitation of the processing of your data, quantitatively, temporally and/or in relation to the purpose of their processing.
3.6. Right to Object
You retain the right to object to the use of your data being processed, unless the Clinic demonstrates compelling and legitimate reasons for its processing, which override your interests or are necessary for the establishment, exercise or support of its legal claims.
CATEGORIES OF DATA SUBJECTS
1. A) PATIENTS
A.1. Data Categories
During your visit to the premises of our Clinic, we provide you with health services and for this purpose we process your personal data. In particular:
a) When filling out a printed form at the premises of our Practice or directly sending an email or contacting us by phone, you provide us with your first name, last name, residential or business address, contact phone number, A.M.K.A., A.F.M. , ID number, e-mail address, professional status.
b) In the context of the provided health services, in addition to the above basic data, we also process sensitive data, such as health data, biometric data, which is necessary for the performance of our services, the conduct of medical measurements, medical examinations and diagnoses and extension of our contractual relationship. In the above two cases, (a and b), if the patient is a minor, the data of the parent or guardian is also processed for the provision of medical services to the minor patient.
A.2. Purpose of Processing – Legal Basis:
a) The processing of the data under A.1. (a) is necessary for the conclusion of the contract for the provision of medical services and for the compliance of our Company with tax legislation. The legal basis for this data processing, is the execution of the contract between us, according to article 6 par. 1b of the Regulation and our compliance with the relevant legislation, according to article 6 par. 1c of the Regulation.
b) The processing of the data under A.1.(b) is necessary for the purposes of carrying out the intended medical examinations, medical diagnoses, performing medical surgeries, and generally providing treatment for patients' health problems, which in combination with compliance with applicable national legislation, the Code of Medical Ethics and the execution of the medical services contract between us, constitute the legal bases for the processing of these data, (Article 6 par. 1b of the Regulation and Article 9 par. 2 of the Regulation).
A.3. Data Retention Time:
a) The aforementioned personal data provided to us for the specific purposes of processing will be kept by our Practice for as long as the relevant tax and medical legislation dictates (e.g. Code of Medical Ethics, etc).
b) It is noted that in the event that you provide us with the above data under A.1.(a) but in the end for any reason the medical services are not provided by our Clinic (e.g. due to cancellation of your scheduled appointment and non-attendance at the premises of the Clinic) the specific data will be deleted within thirty (30) days from the information systems of the Clinic.
(B) PARTNER – SUPPLIER & CANDIDATE PARTNER – SUPPLIER
B.1. Categories of Data – Purpose of processing – Legitimate Basis
a) Your data (name, e-mail address, telephone, residential or business address, status, professional activity and/or our services that interest you, etc.), which are collected pre-contractually, by sending an e-mail, telephone communication or filling out the contact form on the website of the Clinic, are processed for the purpose of either investigating the possibility of a transaction with our Practice or for the purpose of establishing the relationship between us and our obligation to comply with the labor, insurance and tax legislation respectively.
b) The legal basis for the processing of the above data (under B.1.a) is to serve the legal interests of the Practice for the purposes of commercial policy and to ensure its smooth operation, (article 6 paragraph 1 item (f - στ) of the Regulation), while the legal basis for data processing (under B.1.b) is the execution of the contract between us as well as our compliance with the legislation (art. 6 par. 1 item (b) and par. 1 item (c) of the Regulation).
c) The Practice does not, in principle, collect and process special categories of personal data (sensitive), i.e. data related to your racial or ethnic origin, your political opinions, your religious or philosophical beliefs or your membership to a trade union, data concerning your sex life or sexual orientation, your genetic or biometric data and health data, for the purpose of identifying you as a data subject,
Exceptionally, the Practice can collect and process the above data, only if there is a legal reason.
B.2. Data Retention Time
a) We will keep your above (under B.1.a) data for a period of five (5) years to serve our commercial purposes and then we will delete them.
b) We will keep your above data (under B.1.b) which have a financial, insurance and tax implications for as long as the tax and/or insurance legislation stipulates.
c) All the rest (under B.1.b) of your data (which is not required by law to be kept for a specific time) is deleted within five (5) years from the end of the contract or relationship.
d) After the expiration of the corresponding (legal) retention period for the Data, we will delete it at our own risk, following the relevant internal procedure of our Clinic.
Transmission of Data
a) Your data (for categories A & B) us not intended to be transmitted to any third party outside the Clinic. As a data controller, we have taken all the necessary security measures in order not to allow access to your personal data to anyone other than the appropriately authorized persons and only for the processing purposes provided for herein.
In the context of our activity, the service and pursuit of our legitimate interests, we may legally and legitimately disclose your data to external partners of the Practice, such as the accounting services and tax support company, the support company of the Information Systems of the Practice, our medical device support company and email service provider.
b) Your data in addition to the above transmissions, may also be forwarded to public bodies and services, to competent tax authorities and/or to insurance funds, to judicial and independent authorities, in the context of our compliance with the respective legislation.
c) The Practice keeps, as a rule, your personal data within the European Union. In the event that data is to be transferred to third countries outside the European Union, all appropriate guarantees provided for in the applicable legislation for the protection of personal data regarding transfers to third countries will be taken.
(C) WEBSITE VISITORS
C.1. Data:
If you fill out the online contact form on the website of the Practice, you provide us with your name, email address and contact phone number.
C.2. Purpose of Processing:
The receipt, processing and storage of your data you provided in the context of the communication is used exclusively for our response to the requested communication.
C.3. Legitimate Basis – Data Retention Time:
Legitimate Basis for the processing of your data is your consent to it in order to fulfill the respective purposes above, according to article 6 par. 1a of the Regulation. For the fulfillment of these purposes, we consider a reasonable and necessary time to retain your relevant data for a period of two (2) years.
4. Warranties
We assure you that our Practice will exhaust every technical and organizational measure to protect your Data and will only make the optimal, minimal and absolutely necessary use and processing of the Data, as defined by law and strictly and exclusively for the purpose for which we you have allocated.