This Privacy Statement explains the reasons why Cretan Medicare Medical S.A. collects your personal and medical data, the ways in which these data are used, and your rights in accordance with the General Data Protection Regulation EU2016/679.

How we use your information

When you visit our Medical Center as a patient, you are registered in our information system and your personal Medical Record is opened.

Your registration includes personal and financial information such as: Full name, address, contact telephone numbers, date of birth, electronic mail (email), AMKA, name and room number of the hotel where you are staying, financial transactions (service invoicing details, payment details), etc.

Your registration also contains information concerning your health such as: Name of the Physician(s) who examined you, Medical History, date of examination, results of clinical and laboratory examinations and ultrasounds, appointments, information concerning your admission to Hospitals and/or Private Medical Centers, etc.

Your consent to the processing of your personal data constitutes the legal basis for their processing pursuant to Article 6(1) of the GDPR.

Why we collect your personal data

• In order for the Physician of Cretan Medicare Medical S.A. to provide you with the best possible care and treatment.
• To monitor your health.
• To share information regarding the treatment you require with personnel of another department and/or another Health Organization within Greece or the EU.
• To train and educate our Medical personnel.
• To investigate and resolve incidents.

It is important that you inform our Medical Center if any of your personal information changes.

Note: The accuracy and truthfulness of the data you declare is the responsibility of the patient himself/herself. Your personal data are not used for purposes other than those described in this Privacy Statement unless we first obtain your consent or unless this is required or permitted by law.

How data are recorded

Your personal and medical data are recorded in paper and electronic form in the information systems maintained by our Medical Center. The information systems allow the direct registration, collection, processing, retrieval, storage of the Medical Record and analysis of medical information.

Collection and processing of your personal data on our website

When you visit our website we automatically collect and store anonymized information such as:

• IP address,
• Device identifier,
• Browser type,
• Operating system,
• Mobile device identifiers,
• State or country from which you access our website,
• Specific web pages you visited,
• Date and time of visit,
• Websites visited immediately before and after visiting our website,
• Number of links and specific links you click on our website,
• Functions you use on our website,
• Data you view or download from our website.

We may also use cookies to store information on your computer or mobile device in order to improve your experience on our website.

Cookies are small text files that allow you to navigate efficiently between pages of our website, help us evaluate whether our website functions effectively and generally improve your browsing experience. Cookies may also help ensure that the advertising you see online is more relevant to you.

In general, our cookies may perform the following functions:

Essential cookies: Certain cookies are vital to the operation of our website. Without them you will not be able to navigate our website and use some of its features. Essential cookies allow the smooth transition from page to page of the website and are absolutely necessary for its operation.

Functional cookies: We do not use functionality cookies and therefore cannot remember the preferences and choices you have requested during previous visits to our website.

Performance cookies: We use performance cookies to analyse the way in which our visitors use our website and to monitor its performance. This allows us to provide a high-quality experience. These cookies do not collect information that identifies a visitor. All information collected is aggregated and therefore anonymous and is used only to improve the way our website functions.

Advertising Cookies: We do not use advertising cookies on our website.

Cookies

Third-party Cookies: Third-party cookies are set by a different organisation and not by us. Our website may contain embedded content, for example from Facebook or YouTube, which is provided to us through an advertising partner network. These websites may set their own cookies which we are unable to control.

If you wish to enable or disable the use of cookies through your browser settings, please select the relevant instructions according to the browser you use.

• Microsoft Internet Explorer
• Microsoft Edge
• Mozilla Firefox
• Google Chrome
• Opera
• Safari
• Safari for iPad and iPhone

We use these data in order to make our website as user-friendly as possible and also to protect our IT systems from attacks and other unlawful activities.

Confidentiality of your information

All employees of Cretan Medicare Medical S.A. as well as external Physicians have a legal obligation to maintain the highest possible level of confidentiality in accordance with the guidelines and policy of our Medical Center. All members of our staff have received clear instructions and specialised training regarding the handling of confidential Medical and personal information and data.

Cretan Medicare Medical S.A. takes preventive security measures to ensure the protection of the data under our control against interference, loss, destruction, access by unauthorised persons or unauthorised disclosure. Our security measures are continuously improved in accordance with technological developments.

The computer systems and networks of Cretan Medicare Medical S.A. have been designed in such a way as to guarantee the availability and integrity of the data you have provided to us, and we have taken all necessary technical measures for their protection. Your information is stored and used with the greatest possible care and confidentiality.

Disclosure of your information without your consent

In order to ensure that you receive the care and treatment you need, we may share relevant information about you with other organisations (see below), either through written correspondence or through the secure transfer of data by means of computer systems.

The organisations and/or natural persons to whom information may be disclosed are the following:

• The insurance company providing your medical coverage or your insurance fund,
• Hospitals or Private Health Centers,
• Your personal Physician and/or other physicians of various specialties,
• Nurses, Orderlies, Therapists,
• Judicial and prosecutorial authorities,
• Debt collection companies.

The information we receive from you is important. We will not exploit or disclose your information to third parties outside our Medical Center without your consent. If we are unable to contact you in order to obtain your consent but there is an urgent need to transfer information to third parties, we will transfer only those data which we can demonstrate are in the interest of your health and to ensure that you receive the best possible care and treatment.

The information that is exchanged is used only by authorised persons and individuals under strict confidentiality and only for the specific purposes for which it has been requested.

We will inform you in order to ensure that you agree to the disclosure of your information, but there are occasions when we may need to disclose your information without your consent. This will occur only when we are legally obliged to do so or when the law requires us to act in this manner in order to protect you or other individuals.

Such cases include

• Where there is a risk of harm or abuse to you by other persons.
• Where a serious crime, such as an assault, is being investigated, or where such an incident could be prevented.
• For the control of infectious diseases such as meningitis, tuberculosis (TB), or measles.
• Pursuant to a prosecutor’s order or court order.

If it is deemed necessary in order to comply with our legal or regulatory obligations, resolve disputes or enforce terms and conditions of use, we may retain some of your data, as required, even if there is no longer a need to provide services to you.

Retention period of your personal data

For the best possible care and service, your personal data are stored and remain in our information systems until their permanent and irrevocable deletion is requested by you or until the mandatory retention period of the records has expired.

Specifically:

• Your Microbiological examinations and Medical procedures remain in our records for 30 years.
• Your X-rays remain in our records for 1 year.
• Your Imaging examinations/ultrasounds remain in our records for 10 years.

Contact details of the person responsible for the protection of Personal Data

Cretan Medicare Medical S.A. has built internationally the image of a reliable and serious medical company that continues to invest over time in the friendly and humane management of its cases. The protection of patients’ personal data constitutes one of our fundamental concerns.

To obtain further information or to submit suggestions, objections or complaints regarding the processing of your personal data, you may contact the Data Protection Officer (DPO) of Cretan Medicare Medical S.A. In addition, you may contact our Data Protection Officer if you wish to exercise your right of access to your personal data. If incorrect information has been stored—despite our efforts to maintain accurate and up-to-date data—we will correct it upon your request.

Data Protection Officer Details

Mr. Markus Kichler
e-Mail: dpo@cretanmedicare.gr
Address: For the attention of: Data Protection Officer (DPO)
Cretan Medicare Medical S.A.
19 El. Venizelou Street, Postal Code 70014, Hersonissos, Crete, Greece

All requests must be submitted in writing. Under the applicable legislation, a response must be provided within thirty (30) days.

We reserve the right to amend the Privacy Statement at any time, for any reason, by publishing revisions on this website or in applications. These changes shall take effect upon publication but shall not apply retroactively.

Further information, your rights and access to your data

At this point we would like to inform you of your rights:

• You have the right at any time to withdraw the consent you have already given regarding the processing of your personal data.
• You have the right to request a copy of your personal data and records that we keep in our information systems. Following an assessment of your request, a copy of your file will be provided to you.

Under applicable legislation, you may be charged a small administrative fee (handling costs) in order to cover the cost of providing you with the information requested.

• You have the right at any time to request the permanent and irrevocable deletion of your personal data and records that we maintain in our systems.
• You have the right at any time to request the correction of your personal data that we maintain in our systems.
• You have the right to request the restriction, where possible, of the processing of your personal data maintained in our systems.
• You have the right to request the portability of your personal data maintained in our systems to another Organisation.
• You have the right to object to the processing of your personal data maintained in our systems, where possible.
• You have the right at any time to lodge a complaint with the Hellenic Data Protection Authority, Kifisias 1-3, Postal Code 115 23, Athens. Contact telephone: 0030 210-6475600, email: complaints@dpa.gr