Personal Data Management Policy
Welcome to FRONTIS NEPHROLOGIKI S.A. We would like to reassure you that we are committed to providing our services while protecting and respecting your privacy. For the purposes of this update, we will refer here to the FRONTIS NEPHROLOGIKI as the "Organisation".
This policy will disclose and explain to you how we collect and use information concerning you, as provided for by the applicable law (General Data Protection Regulation 679/2016). At the same time, we will describe your rights in connection with the personal data which we process, as well as the privacy protection measures. Personal data is the information on the basis of which someone can be identified. Examples include your full name, the information held by your public or private insurance provider to identify you, and your e-mail account. Sensitive personal data, both biometric and genetic, are information which relates to your health (article 4, paragraphs 13, 14, 15 GDPR) and which allow your identity to be confirmed.
FROM WHERE MIGHT A POTENTIAL RISK ARISE?
This Policy helps the Organisation to protect itself against risks that include, but are not limited to:
- Breaches of confidentiality. That is, information that could be given to someone who does not have the necessary authorisation and authority to process it.
- Lack of ability to choose how data concerning you is stored and processed
- Damage to the Organisation’s reputation if it obtains illegal access to personal data or sensitive personal data.
Collection and processing of personal data
THE TYPE OF PERSONAL DATA WE PROCESS
Our Organisation collects:
- Your name, surname, contact details and, sometimes, your date and place of birth. Also, details related to creating your medical file which will be used to facilitate medical practice.
- If you contact us, or vice versa, a record is retained of the details of this communication. We will probably also collect the content of your own judgments for third parties.
- Data connectivity and online communication data related to the media and applications you use.
- If you work at the Organisation, we may collect data on gender and nationality, as well as documents which are capable of identifying you. Also, data for salary purposes, numbers related to tax and insurance data and whatever is considered necessary to fulfil a contractual relationship.
- Our premises are equipped with closed circuit television (CCTV) to record any potential malicious acts, as the law provides. As part of this, images and motion pictures are recorded and kept for a short time.
- The Organisation retains the right to control, monitor, record and use the content of the data it holds, and which is processed through the electronic systems it maintains. The same applies to data it keeps in paper form (files).
- On our website www.frontis-nefrologiko.gr, we use a cookie-based traffic configuration application, and data transmission from the relevant communication form is subject to the security requirements of each application, including encryption methods.
JUSTIFYING REASONS FOR STORING AND PROCESSING YOUR PERSONAL DATA
The Organisation collects and processes your personal data for the following reasons:
- To comply with current legislation (such as GDPR 679/2016)
- To carry out statistical research for internal Organisation use
- In order to be able to fulfil our obligations arising from your position as a client or as a partner, or those which arise from our position as an employer under a contract.
- For purposes related to the safety of the staff, installations, assets and material related to the Organisation
- To manage the Organisation’s communication
- For any obligations the Organisation may have in connection with obligations and rights defined by the Public Authorities.
- In any event, wherever your explicit consent to the storage and processing of the above data is considered an important justifying reason.
WHAT THE LAW SAYS
In order to process your data, it is necessary to have a specific legal basis for this.
The Organisation stores and processes personal data as part of performing its contractual obligations as provided for by the law (Article 6 of the GDPR, par. 1) but also to safeguard the vital interests of the persons to whom the aforementioned personal data relates (the data subjects).
In order for the Organisation to comply with the law while maintaining and processing personal data (electronic or hardcopy), it is obliged to follow certain basic principles which are:
- to do so for a legitimate reason,
- for a defined purpose,
- with accuracy and using only the necessary data.
- Additionally, personal data must be accurate and up-to-date,
- in accordance with the rights of the subject,
- and must only be stored for such time as is necessary. They must be protected by suitable technical and organisational methods.
- If they are to be sent outside the European Union, this must be done legally.
ARE YOU OBLIGED TO GIVE US YOUR PERSONAL DETAILS?
In order to conclude a contract with you and in order to meet the obligations arising from it, as well as to exercise our rights, yes, you are obliged to give us your personal data. If you do not, we may not be able to enter into a contract with you and provide you with our services (either as an employer, as a service provider or as a supplier).
AUTOMATIC DATA PROCESSING
For purposes of statistical research and to keep you up-to-date, the Organisation may, with your consent, use an automated decision-making system to create a profile. We repeat that we require your consent to do something like this.
LENGTH OF TIME YOUR PERSONAL DATA IS STORED
The Organisation can store your data for some years after the contractual relationship with you ends. In some circumstances, this may be required by the law. Financial information about you is stored in our records for a decade (10 years). Sensitive personal data is only kept for as long as necessary to complete our contractual relationship.
TRANSFER OF INFORMATION TO THIRD PARTIES
The Organisation does not share files containing sensitive personal data with third parties. If this happens, it will only be done with the explicit consent of the subject and for reasons that will be explicitly stated; for example, the description of a diagnosis that is sent to a health care provider or other diagnostic or treatment unit. Personal data may also be passed on to an accountancy or banking support firm governed by this policy, and always as part of a contractual relationship. We also disclose personal data to the Authorities, as we have a legal obligation to do so, and also when this is a necessary part of complying with the law and for public safety reasons. Your data are not sent outside the European Union.
At FRONTIS NEPHROLOGIKI S.A., we attach great importance not only to you knowing your rights in relation to your personal data, but also to the way you can exercise these rights. So, you have:
- The right to know if we store and/or process your personal data. This right stems from Article 15 of GDPR 679/2016. You can also request a copy of your data and details of how you can access it.
- The right to request that inaccuracies in your personal data be corrected. As soon as you can prove that the data relating to you which we have stored should be corrected, you can request that the Organisation does this.
- The right to "be forgotten", that is to say, for your data to be deleted. In any case, you have the right to request that the Organisation either limits the personal data relating to you which it keeps and processes, or deletes them. Your request may be accepted immediately, provided it is not contrary to the law or to an obligation of the Organisation which derives from the law.
- The right to object to your data being stored and processed.
HOW YOU CAN EXERCISE YOUR RIGHTS
Please contact us if you are interested in exercising the rights described above. This can be done either by phone or by sending an e-mail to [email protected]
In all cases, you will be asked for identification details, so we can process your request. If you find a problem with your data and the Organisation does not respond, you have every right to have recourse to the Personal Data Protection Authority, as it is the competent national oversight body.
HOW YOU ARE INFORMED ABOUT ANY AMENDMENTS TO OUR POLICY
You can find information on any change and modification to this policy on our website www.frontis-nefrologiko.gr
IMPORTANT INFORMATION FOR INTERESTED PARTIES, INCLUDING THE ORGANISATION’S PARTNERS
This current FRONTIS NEPHROLOGIKI SA Data Protection Policy was prepared and approved by the Management on 23/05/2018. It was put into effect on 24/05/2018 and its next audit is scheduled for 01/07/2018.