MediFirstAid_Logo_Header
Contact
(+30) 693 833 0678
(+30) 693 833 0678
Home / Privacy Policy

Privacy Policy

Submission and Management of Reports

Driven by integrity, all our activities are guided by a code of ethics that ensures impartiality, respect for all parties involved and full transparency.

MEDIFIRSTAID polyclinics are committed to providing a high level of service to their customers and shareholders, as well as to the wider community and to all stakeholders, by adhering to appropriate service quality procedures and operating in such a way as to ensure their economic, social and environmentally friendly operation.

In order to ensure the deterrence of offences and in accordance with Law no. 4990/2022 on the ‘protection of persons reporting violations of EU law’, we have created a secure communication channel for any person who suspects a violation to report it without fear of retaliation. All reports/complaints to Interamerican will be confidential, will be taken seriously if valid and will be handled fairly and equitably.

MEDIFIRSTAID is committed to providing a high level of service to its customers and shareholders, as well as to the wider society and to all stakeholders, by adhering to appropriate service quality procedures and operating in such a way as to ensure its economic, social and environmentally friendly operation. Driven by integrity, all our activities are guided by a code of ethics that ensures impartiality, respect for all parties involved and full transparency.

In order to ensure the prevention of misconduct and in accordance with Law no. 4990/2022 on the ‘protection of persons reporting violations of EU law’, we have created a secure communication channel for any person who suspects a violation to report it without fear of retaliation. All reports/complaints to MEDIFIRSTAID will be confidential, will be taken seriously if valid and will be dealt with fairly and equitably.

Who can report?

Persons who have an employment relationship with Interamerican or its subsidiaries, in particular:

Employees, regardless of whether their employment is full or part-time, permanent or seasonal,

Non-employees, self-employed or consultants or home workers, whether permanent, temporary, part-time or full-time,

Shareholders and board members, including non-executive directors, as well as volunteers and paid or unpaid interns,

Any persons working under the supervision and direction of contractors, subcontractors and suppliers,

Other persons who publicly report or disclose information about violations obtained in the context of an employment relationship that has ended, and persons whose employment relationship has not yet begun, where the information was obtained during the recruitment process or at another stage of negotiation prior to the conclusion of a contract.

What can I complain about?

The petitions may concern violations of European Union law and in particular violations affecting.

public contracts

Financial services, products and markets and the prevention of money laundering and the financing of terrorism

Product safety

Transport security

Protection of the environment

Radiation protection and nuclear safety

Food and feed safety, health and animal welfare

Public health

Consumer protection

Protection of privacy and personal data and security of network and information systems

Infringements (such as fraud and other illegal activities) affecting the economic interests of the Union

Internal market related infringements (such as competition laws, corporate tax rules)

Violations of legislation against violence and harassment at work according to Law 4808/2021

Personal Data Protection

What categories of personal data do we collect and process?

When you arrive at the reception point, as part of the proper provision of our services, we will create an individual file that will include all the necessary medical and non-medical information required to provide you with high quality personalized health services, so you will need to provide us with information about you such as:

Your identification data such as name, surname, date of birth, identity card/passport number, AMKA, VAT number

Contact Data that we collect at the reception stage such as e.g. email/mailing address, mobile/stationary/fax numbers

Payment data such as bank accounts, debit/credit and other bank cards

Insurance Data, your insurance provider or Private Insurance and Social Security Number (SSN), in order for the Accountancy Department to know how the services we provide to you will be priced and to inform you of the relevant costs and the pricing of our services to you

Data of special categories of personal data / formerly sensitive, such as social security number, physical condition, pathological/clinical symptoms, medical examinations, personal/ or family medical history, medication, past hospitalizations, nationality information and, where applicable, if required for diagnostic or therapeutic purposes, data concerning your sex life or religious beliefs

Settlement data such as data necessary for the management of the Polyclinic’s financial claims and related documents/ supporting documents

Data we collect when using and submitting a complaint form such as full name and telephone number. The complaint form is in principle submitted anonymously, and only if the complainant wishes to do so, he/she states his/her details in order to receive information from the Polyclinic.

Data we collect when you call our call centre, such as your full name, telephone number.

Data we collect from the submission of a contact form (name and phone number).

Data we collect from the completion of the Satisfaction Questionnaire (name and surname).

Finally, we collect image data when you enter the building and our premises from the operation of closed circuit security cameras (CCTV) for the operation of which you are informed in good time when you enter our premises, in full compliance with all the provisions of the applicable legislation.

We treat all information as confidential and make every effort to collect only what is necessary in accordance with medical standards and will not process it for purposes other than those described in this notice.

From which sources do we collect personal data?

From you, when you enter the reception point to receive our medical services, our staff will collect the necessary information by filling in the special personal data form; if you are unable to do so, this data is collected by the patient’s companion or a person close to him/her.

From you, by the declaration and completion of questionnaires to be included in your medical record, from medical examinations you provide to us, medical procedures, information derived from any symbols attributed for health care purposes, medical opinions, histories of your other hospitalizations, X-rays and medical images and generally any medical information concerning your physical health, past or present.

Especially the special categories of personal data, which are mainly health data, the Polyclinic, in addition to those that you yourself disclose, may collect them through contracted health service providers (e.g. hospitals, private clinics, diagnostic centers, physicians, etc.).

By visitors/users of our website, only when they themselves voluntarily provide them in order to process the requests submitted electronically.

For what purposes do we process your personal data?

A polyclinic provides primary health care services, which do not require admission to a hospital and include diagnosis, monitoring, treatment and medical visits. In this context, your data is subject to automated and non-automated processing for the following purposes:

Both ordinary and special category data collected and subject to processing/processed are processed by staff for the purpose of providing primary health care services to you. Accordingly, the legal basis for this processing is the Provision of Health Care Services according to General Regulation 679/2016 and Law 4624/2019.

Both ordinary and special categories of data are collected and processed/processed by the designated staff and used for the coverage of your primary care costs by your private insurance company, in accordance with the relevant contractual terms of your insurance policy, having previously obtained your explicit consent for the transfer of your data. In this case, the legal basis for the processing of your data is your explicit consent. In particular, by giving your consent, you authorize the Polyclinic on your behalf to transmit your data in order to request the private insurance company to which you are insured to participate in your medical expenses. This consent is given for your convenience and in order to avoid incurring the total cost of the medical expense. The consent is free of charge. In case you do not wish the Polyclinic to transmit your medical record data for this purpose, we inform you that you will pay the Polyclinic the total cost of the medical expenses and that you can be reimbursed accordingly by your private insurance company according to the terms of the insurance policy and by presenting the data required by the respective carrier.

Both simple data and special categories of data collected and processed/processed by the staff for the purpose of providing primary health care services will be processed for the purposes of defending the legitimate interests of the Polyclinic, such as the establishment, exercise, defence and support of any legal claims of the Polyclinic. Accordingly, the legal basis for processing in this case is the legitimate interest of the Polyclinic.

We process your simple data collected during the optional completion of the Patient/Visitor Satisfaction Questionnaire to monitor the quality of our services in order to control the quality of our services and to investigate the level of satisfaction of our customers.

Where do we transfer your Personal Data?

Your data will be transmitted to our departments, nursing, medical and administrative staff responsible for providing you with our personalised services. Examples include the Patient Coordination Office , Accounting, Legal Services, etc.

Your data, both simple and special categories, will be transferred with your consent and will also be made accessible by legal entities with whom we maintain contracts from time to time for your insurance coverage (i.e., Insurance Companies, etc.). In this case, these legal entities will process your data (DPI and/or CSP) which we will send to them in order to reimburse the healthcare service we provide to you under the insurance contract you have established with them.

In each transfer we always take every measure to ensure that the data transferred will always be the minimum necessary and that the conditions for lawful and fair processing will always be met.

Also, as provided by law, the Polyclinic may disclose your data to Public Services, Insurance Funds, Judicial, public and independent authorities, lawyers, supervisory authorities, including but not limited to Police Departments, to the Traffic Police, to Public Prosecution Authorities, to independent audit companies upon their legitimate request, to the Services of the Ministry of Health if this is absolutely necessary for the defence of legal rights or the fulfilment of legal obligations of the Polyclinic.

Finally, the Polyclinic, in the context of providing its medical services to you, may forward your personal data of simple and special categories to its third-party partners, External Diagnostic Centres or Pathological Anatomical Laboratories for the performance of specialized medical examinations that are not carried out within the Polyclinic.

How long will you keep my data on file?

We will keep your data for as long as provided by national legislation in both paper and electronic form and specifically according to Law 3418/2005, (Government Gazette A 287/28.11.2005) we are obliged to keep your data for 10 years from each visit.

We will also keep your data for as long as necessary until the statute of limitations has expired for any relevant legal claims of the Polyclinic.

Closed circuit television (CCTV) recording data is retained for 15 days. In the event of an incident against the Polyclinic, its staff or third party visitors, the images in which the incident has been recorded may be kept in a separate file for a longer period of time, in accordance with applicable legislation.

What rights do I have in relation to the processing of my data?

You have the rights set out in the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), in Law 4624/2019 and in particular you can exercise, where applicable, the following rights:

(1) the right of access to find out what data we process, why we process it and the recipients and to receive copies of the data held at our Polyclinic.

(2) the right of rectification to request that any omissions or inaccuracies in your data be corrected.

(3) the right of erasure to request the deletion of personal data concerning you, if you no longer wish these data to be processed, and if there is no legitimate reason for the Polyclinic to hold and process them as a Data Controller. When can we refuse erasure requests? You should be aware that the right to erasure is not an absolute right, it cannot be satisfied where your information is processed for specific lawful reasons such as those described above, including to pursue or defend legal claims of the Polyclinic. Do we need to inform other recipients of your personal data about your request for erasure? In the event that your right to erasure is granted where we have provided the personal data you wish to have erased to third parties we will take steps to inform them of your request for erasure so that , in turn, they can erase that personal data but it may not always be possible or may involve a disproportionate effort on our part.

(4) the right to restriction of processing to restrict the processing of your Personal Data when you disagree with the accuracy of the information and until the accuracy of the information is verified or if the processing is no longer necessary for the Polyclinic but you need it to raise, exercise or defend a legal claim. When can we refuse requests to restrict processing? You should be aware that this right is also not an absolute right, it cannot be satisfied where your information is processed for specific lawful reasons such as those described above, including to raise or defend a legal claim of the Polyclinic. Do we need to inform other recipients of your personal data about the restriction? Where we have shared your Personal Data with third parties, we will take steps where practicable to inform them of the restriction on the processing of your information so that they do not continue to process it.

(5) the right of portability to receive your data in a structured and commonly used format.

Please clearly specify in your application the right you are exercising in relation to the personal data you are requesting. If your request is not clear, we may ask you for further personal data for clarification purposes. In order to enable us to deal with your individual request, we may ask for your identifying information such as proof of identity, passport and sufficient additional personal data to enable us to safely identify the personal data you are requesting. If you exercise any of these rights, we will take all reasonable steps to respond to the request within thirty (30) days of receiving it, and we will inform you either that the request has been granted, or of the objective reasons that prevent it from being granted, or of the justifiable reasons for extending the time to respond.

If you are not satisfied with the response to your request regarding your personal data, you always have the right to contact the Personal Data Protection Authority, which may also accept complaints.

How do you ensure the security of my data?

The security of your data is our absolute commitment. To achieve this, we apply all modern and appropriate technical and organizational measures for the purposes of processing, the compliance of which we confirm by periodic checks at regular intervals in order to:

Protect your personal data, from unauthorized access and inappropriate use.

To secure our IT systems and safeguard information from unauthorized access or unauthorized unauthorized use

To ensure that we can restore your data, in cases where your data is damaged or lost in recovery.

Indicative measures that support both the physical and electronic security of the data processed in our Clinic are the physical presence of security in our building, the installation of closed circuit monitoring of our critical areas, the implementation of a Good Use of Resources Policy, Security Policy and supporting procedures, the installation of a firewall, anti-virus software (antivirus, antimalware), the implementation of a data leakage prevention system (DLP), the use of 2 Factor Authentication

*This Privacy Notice was updated in July 2022. We reserve the right to amend or update this Notice at any time. We will notify you of any changes by publishing the new Update by posting it on our Clinic’s website and notifying you by any appropriate means at the earliest opportunity, including emails. We also encourage you to consult this Update regularly for any changes.

video surveillance

You can go here and find out about the processing of personal data through a video surveillance system.

Cookies

What are coukies?

They are small text files sent to your browser and stored on your computer, mobile phone or other electronic device while you are on our website. Cookies help us to monitor the performance and traffic of our website, improving its presentation and content according to our visitors’ preferences.

Absolutely essential cookies

These cookies are necessary for the proper functioning of the website and cannot be disabled. They are usually only set in response to actions taken by you that involve a request for services, such as setting your privacy preferences, logging in or filling out forms. You can set your browser to block or notify you about these cookies, but in this case certain parts of the site may not function. These cookies do not store any personal information.