STAVROULIS Diagnostic Lab considers the personal data protection as a matter of outmost seriousness and great importance. Respecting the personal data we collect and manage and ensuring their proper processing is one of our Lab’s priorities.
This is the reason why we take all appropriate technical and organizational measures in order to protect the personal data we process and to ensure that this processing will always meet the requirements of the current national and European legal framework and in particular the General Data Protection Regulation (EU) 2016/679 (GDPR).
01. DATA CONTROLLER – CONTACT DETAILS
STAVROULIS Diagnostic Lab is the data controller for all the personal data that collects, processes and stores.
STAVROULIS STEFANOS & SONS Co. (Title: STAVROULIS Diagnostic Lab)
Address: 18 Apostolou Papaioannou str., 85100 Rhodes, Greece
Phone Number: +302241078078
For the matters, concerning the processing of personal data you can contact the Lab’s Data Protection Officer (DPO) Mrs Ioanna Gallou at email@example.com.
02. CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED AND PURPOSES OF THE PROCESSING
Α. When you visit STAVROULIS Diagnostic Lab
STAVROULIS Diagnostic Lab collects and processes personal data in order to perform diagnostic imaging examinations.
To provide these services to its patients, STAVROULIS Diagnostic Lab collects and processes the following personal data: first name & surname, marital status, nationality, year & place of birth, address, contact phone number, email, ID or passport number, Social Security Number, Health Insurance and registry number, as well as health data (e.g. medical history, previous medical examinations’ results). All those data consist the patient’s medical record.
For the protection and security of the staff, visitors and properties, the Lab operates closed video-surveillance circuit (CCTV) that records the images of patients, visitors and employees in public areas (where permitted by law). The recording is done always in accordance with the relevant legislation. You can find detailed information regarding the processing of the image data through the CCTV operating in the Lab here.
B. When you visit the STAVROULIS Diagnostic Lab website (stavroulis.gr)
Each time you use the contact form of our website and in order to reply to your message we collect the data you fill in the necessary fields.
03. LEGAL BASIS OF THE PROCESSING
Legal basis of the data processing may be:
i. The provision of preventive or occupational medicine and medical diagnosis, so that our patients receive our services (when visiting the Lab for medical exams).
ii. The STAVROULIS Diagnostic Lab’s compliance with its legal and regulatory obligations, arising by the current legal framework regarding the Lab’s operation.
iii. The promotion, preservation and protection of the legitimate interests both of the Lab and its patients, in case we need to rise and support legitimate claims or to defend our rights and interests before courts. Legitimate interests include also among others the development and improvement of the services provided by the Lab and its seamless and continuously improving operation.
04. RECIPIENTS OF THE PERSONAL DATA
Access to your data has the authorised personnel of STAVROULIS Diagnostic Lab, during their job description duties.
The personal data may also be disclosed to third recipients, such as:
• Your health insurance carrier
• Your attending physician, after your relevant request and authorization
• Your private insurance company, in case you declare to us that you want to use it
• Co-operating specialized labs
• Public authorities and bodies –as required or permitted by the applicable laws–, in order that the Lab complies with its legal obligations
In all cases, the transfer of your personal data is confidential and subject to medical confidentiality terms (in case of medical data transfer).
05. TIME PERIOD OF STORAGE OF THE PERSONAL DATA
Under the Law 3418/2005, we are obliged to keep our patients’ medical records (and all personal data contained therein) for 10 years. Furthermore, we keep the data for the period required by the overall legal framework regarding the Lab’s operation.
In any case, STAVROULIS Diagnostic Lab applies all the appropriate technical and organizational measures in order to ensure the protection of personal data processed and constantly takes care to prevent any unauthorised access to them.
06. RIGHTS IN RELATION TO THE PERSONAL DATA
You can exercise the following rights regarding the processing of your personal data:
Right of access
You have the right to know what categories of personal data of yours we keep and process, for what processing purposes and other additional relevant information. You also have the right to request a copy of your personal data undergoing processing.
Right to rectification
You have the right to request the rectification, modification and completion of your personal data.
Right to erasure («right to be forgotten»)
You have the right to request the erasure of your personal data when they are processed based on your specific consent. In cases where the processing is based on another legal basis (such as performance of a contract, legal obligation or protection of legitimate interests of the Lab etc.), this right of yours may be subject to restrictions or not be exercised.
Right to restriction of processing
You have the right to request the restriction of processing of your personal data
• When their accuracy is contested by you and until we make their relevant verification
• Alternatively, instead of their erasure
• When they are no longer necessary for the processing purposes for which we have collected them, but they are required by you for the establishment, exercise or defense of legal claims
• When you object to their processing and until it is verified that there are legitimate reasons for such processing by the Lab
Right to object and automated individual decision-making including profiling
You have the right to object to the processing of your personal data when it is based on a legitimate interest, as well as for direct marketing and profiling purposes
Right to data portability
You have the right to request and receive your personal data in a format that allows you to access them, use them and process them with the commonly used editing methods. In addition, you have the right to request us to transmit your personal data to another controller where we process them by automated means and based on your consent or for the performance of a contract and if this is technically feasible.
Right to withdrawal of consent
If the processing of your personal data is based on your consent, you have the right to withdraw it at any time. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal.
You may exercise your above-mentioned rights as well as pose any question, complaint or ask other information regarding the processing of your personal data, by contacting firstname.lastname@example.org or calling (+30) 22410 78078.
07. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
You have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) on matters concerning the processing of your personal data.
This policy may be updated from time to time.
This current version is effective since 09.06.2020