The protection of personal data is of paramount importance for the Mesogeios Dialysis Centers and is therefore realized with utmost seriousness. Showing respect to the personal data we manage and ensuring that they are processed correctly is one of our Group’s priorities.
For this purpose, we take all necessary technical and organizational measures to protect the personal data we process and to ensure that it is always processed in accordance with the requirements set by the applicable national and European legal framework, and by the General Data Protection Regulation (EU) 2016/679 in particular.
1. DATA CONTROLLER – CONTACT INFORMATION
The Mesogeios Dialysis Centers Group acts as a Data Controller for all the personal data it collects, records, organizes, configures, stores, modifies, retrieves, submits to be processed, transmits, restricts, or deletes.
Mesogeios Hemodialysis Vacation Center SA (distinctive title: Mesogeios SA)
(Hereinafter referred to as the “Mesogeios Dialysis Centers” Group)
Address: Kalessa, Gazi, Heraklion - Crete, P.C. 714 14
For issues regarding the processing or the management of personal data in general, you can contact the Company’s Data Protection Officer, Mrs. Ioanna Gallou, at the e-mail address: firstname.lastname@example.org
2. TYPES OF DATA WE COLLECT AND PROCESS & PROCESSING PURPOSES
A. When you visit the Mesogeios Dialysis Centers
We collect and process personal data primarily for the purpose of providing medical services for the treatment of chronic kidney disease and renal replacement therapy (dialysis services).
To provide these services to their patients, Mesogeios Dialysis Centers collect and process the following personal data: name, age, contact numbers, address, ID card number or passport number, TIΝ (Tax Identification Number), SSRN (Social Security Registration Number), insurance fund, as well as health-related information (e.g. medical history, blood sample for analysis, and the results of diagnostic, medical, or nursing activities), which form part of the patient’s medical record.
We would like to inform you that a closed circuit television system (CCTV) operates in the premises of the Centers to ensure the safety of both individuals and items. Said system records patients, visitors, and employees within the public areas of the Group’s premises. These image recordings and the processing of the relevant data is realized in accordance with the legislation in force.
B. When you visit the website of the Mesogeios Dialysis Centers (www.mesogeios.gr)
C. When you use the contact form or the CV application form on the website of the Mesogeios Dialysis Centers (www.mesogeios.gr)
Every time you use the contact form of our website, we collect the data you enter in the required fields (name, phone number, and email) in order to respond to your message.
In case you send us your CV, we collect the information you enter in the relevant fields (name, phone number and e-mail, information about your education and previous work experience, etc.). We also save the attached CV along with any annexes, in order to evaluate it for a possible position in the Group. We would like to inform you that we keep the CVs that we receive for a period of 6 months. If you would like your CV to be deleted earlier, please notify us at the e-mail address: email@example.com or firstname.lastname@example.org
D. When you subscribe to the newsletter of the “Mesogeios Dialysis Centers” Group
We use the email you provide us with on the newsletter form of our website in order to keep you updated and promote the services and scientific activities of the Group.
3. LEGAL PROCESSING BASES
All of the aforementioned personal data is collected and processed for the purpose of providing dialysis services. Some of this data (e.g. email, contact numbers) may also be used for the purpose of informing and promoting the services and scientific activities of Mesogeios Dialysis Centers (via sending newsletters), always with your express consent.
The legal data processing bases, depending on each case, may be:
- The provision of all medical dialysis services by the Mesogeios Dialysis Centers to their patients.
- The execution of the contract between Mesogeios Dialysis Centers and their patients in order for the latter to receive the necessary medical and nursing services.
- The compliance of the “Mesogeios Dialysis Centers” Group with its legal and regulatory obligations arising from the applicable national and European legal framework regarding the Group’s operating activities.
- Promoting, safeguarding, and protecting the legal interests of both the “Mesogeios Dialysis Centers” Group and its patients should we need to uphold legal claims or defend our rights and interests in court. Our vested interests include, inter alia, the development and improvement of the services provided by the Group, as well as its uninterrupted and continuously improving operation.
- The consent we may be provided with so that our clients (existing or potential) can receive information about the services of the “Mesogeios Dialysis Centers” Group, its scientific activity, business operations and activities, etc.
4. WHO RECEIVES YOUR PERSONAL DATA
First, authorized employees of the “Mesogeios Dialysis Centers” Group have access to your data as part of the duties of their position.
In addition, your personal data may be transmitted to third parties such as:
- Your insurance fund
- Your attending physician if you request and authorize us to do so
- Your private insurance company in case you inform us that you wish to use it
- Cooperating specialized laboratories
- Hospitals that are our scientific associates
- Material supplying companies, if required
- Auditors and other public bodies, in compliance with the Group’s obligations arising from the applicable legal and regulatory framework.
The transfer of your personal data is in all cases confidential, private, and subject to the terms of medical confidentiality.
5. DATA RETENTION PERIOD
At first, we store your data for at least as long as you are a patient of our Centers. In addition, under Law 3418/2005, we are required to keep your medical record for 10 years. After those 10 years pass, your data is kept for an additional 10 years for security reasons and possible audits by state audit authorities.
If the processing of your data is based on your consent, your personal data will be kept until such consent is revoked. It should be clarified that the withdrawal of consent does not affect the legality of any processing that took place based on said consent while it was in force.
In any case, the “Mesogeios Dialysis Centers” Group shall apply all appropriate technical and organizational measures to ensure the protection of the personal data it processes, and shall also continuously take care to prevent any unauthorized access to such data.
6. RIGHTS OF THE SUBJECTS IN REGARD TO THEIR PERSONAL DATA
The following rights may be exercised with regard to the processing of your personal data:
- Right of access
You have the right to know what data of yours we keep and process, the reason we do this and any additional information about it, as well as to request a copy of it.
- Right to correction
You have the right to request the correction, modification, and supplementation of your personal data.
- Right to deletion (“right to oblivion”)
You have the right to request the deletion of your personal data when it is processed after you have given your consent. In cases where the processing is based on another legal basis (such as executing a contract, a legal obligation or protecting the vested interests of the Company etc.) your right may be subject to limitations or may not exist at all.
- Right to limit processing
You have the right to request the restriction of the processing of your personal data
- when its accuracy is called into question and until verification is completed
- alternatively, instead of deleting it
- when it is no longer necessary for the processing purposes for which we had collected it, but is still necessary for the establishment, exercise, or defense of legal claims by you
- when you have objections to its processing and until it is verified that the Company has legitimate reasons for such processing.
- Right to object to processing
You have the right to object to the processing of your personal data when it is based on a vested interest, as well as when it is used for direct marketing and profile building purposes. Your right to object to processing includes automated decision making and profile building.
- Right to portability
You have the right to request and receive your personal data in a form that allows you to access, use, and process it with the commonly used processing methods. In addition, you may ask us to forward the data that we process by automated means with your consent or to execute a contract directly with another data controller if this is technically feasible.
- Right to withdraw consent
If your data processing is based on your consent, you have the right to withdraw it at any moment. The revocation of your consent does not affect the legality of the consent-based processing that occurred prior to say revocation.
You can contact us at email@example.com to exercise your rights or for any questions, complaints, or information regarding the processing of your personal data.
7. RIGHT TO FILE A COMPLAINT WITH THE DATA PROTECTION AUTHORITY (DPA)
You have the right to file a complaint with the Data Protection Authority (www.dpa.gr) regarding matters relating to the processing of your personal data.
8. LAST UPDATE OF THE POLICY
This policy may be periodically updated.
This latest issue is effective from 01/10/2019.