GENERAL PRIVACY NOTICE

At MIKROANALYSI – IDIOTIKA IATRIKA DIAGNOSTIKA ERGASTIRIA – IATRIKI ATHINON ANONYMI ETAIREIA (hereinafter referred to as “MICROANALYSIS” and/or the “Company”, “we”, “us”, “our”) we respect the privacy of natural persons and are committed to the security and protection of the personal data of both visitors to our website www.microanalysi.gr or the web application SlisWeb – Medical Results (hereinafter collectively the “Website”) as well as those natural persons who deal with the Company or use its services (hereinafter the “Users”).

1. Introduction

This Privacy Notice has been drafted in accordance with the provisions of the applicable personal data legislation, including Articles 13/14 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Greek law 4624/2019 (“Law 4624/2019”). It applies to all personal data collected by the Company when you visit and use the features provided by our Website or when you interact in any way with the Company, e.g. when using our contact form, and contains a description of all the data processing carried out by our Company, the legal basis on which each of these processes is based, the purposes for which we use the personal data collected, to whom we may disclose them and the relevant rights you have in relation to them under applicable law.

This Notice together with the Cookie Policy forms an integral part of the Terms and Conditions of Use of our Website and any other Policy adopted by the Company. Separate privacy notices apply to the Company’s employees as well as candidates for employment and for the processing of personal data through the Video Surveillance System operated by the Company.

The Company undertakes to keep the personal data of the Users secure at all times and to comply with all provisions of the applicable legislation on personal data protection as in force from time to time in accordance with the legislative and regulatory framework. Under no circumstances will we obtain from our Users more personal data than is necessary for any purpose for which it is collected and we will not use or share your information with anyone except as described in this General Privacy Notice.

If the visitor/user of the website does not agree and/or does not understand, in whole or in part, the present terms of the Company’s Privacy Notice, he/she should not visit and use this Website.

2. Amendments to this Notice

The present Notice may be updated at our discretion, at regular intervals, for example to comply with any new legal or technological requirements imposed by applicable legislation, and for this reason we ask you to check frequently for the latest update of the Notice which is indicated in the “Last Updated” field at the end of the Notice. If there are significant changes in the use of your personal data (as defined herein) in a manner different from that stated to you at the time of collection, we will make every effort to inform you of this either by posting a notice on our Website or by sending you an email.

3. Data Controller

The Data Controller for the collection, processing and use of personal data within the meaning of the applicable legal and regulatory framework for the protection of your personal data is:

MIKROANALYSI – IDIOTIKA IATRIKA DIAGNOSTIKA ERGASTIRIA – IATRIKI ATHINON ANONYMI ETAIREIA,
GEMI nr: 000957701000
104 Al. Panagouli str. and 2 Tymphristou str., Agia Paraskevi, Attica 153 43
7 Ag. George Square, Thessaloniki 546 35
+30 2106006900, (fax) +30 2106006902,
Email: microanalysi@microanalysi.gr Web: www.microanalysi.gr

4. Categories of personal data collected and processed by the Company

Personal data or personal information is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one whose identity can be directly or indirectly identified. Information in which identifiers have been removed and it is not possible to identify you from it or from other information held by MICROANALYSIS (anonymous information) is not considered personal data.

Due to the business activity of the company, sensitive personal data of subjects, known as “special categories of data”, such as health-related data, are also processed.

Our Company may collect and process various types of personal data about you when you visit and browse our Website or when you interact with our Company, as described in this Notice, including:

 

  • Data provided voluntarily by the User: basic information (name, specialty, contact details), account code for those physicians who wish to register and acquire an account in the SLIS Web portal of results in order to, among other things, be provided with access to electronic results documents, special number assigned to each physician by the Company. Also, personal data such as your first name, last name, address, telephone number, email address and postal addresses or other contact information about you that may be contained in communications you send to us regarding your questions, complaints and other requests through our communication channels (e.g., either through the use of the contact form provided on our Website or when correspondence is sent to us). Further, we will collect your email address if you voluntarily complete the application on our Website to receive our newsletter;
    Free registration in our systems is necessary for the use of the Company’s applications. The registration process is carried out after contacting us at microanalysi@microanalysi.gr or 210 600 6900. To activate login details and use the services it is necessary to contact us.
  • Data we receive from third parties: Information contained in the referral documents of our physicians/associates (name, date of birth, gender, medical data) in order to perform the medical analyses they request for their patients.
  • Data relating to your employment with the Company: Our Company has a separate Privacy Notice regarding the processing of personal data of its Employees and a Job Applicants Privacy Notice relating to job applicants;
  • Data relating to the Company’s customers/suppliers: For customers/suppliers, personal data are mainly data identifying natural persons/code number/ or employees of our customers or other data of a financial nature in the context of payments/invoicing and financial transactions in general;
  • Data relating to the Company’s partners: For partners, personal data includes name and other identifying information, contact details and other information relevant to the scope of the cooperation;
  • Data contained in audiovisual material: Videos and photographs may also have been taken during our company events and from the video surveillance system operating in our facilities.
  • Personal data automatically collected by our Website: That is, usage data about Users’ access and behaviour when navigating our Website or e.g. recording of login and application usage data that constitute personal data collected automatically through our Website (using cookies or other similar tracking technologies). Cookies are small text files that are stored on the hard drive of each visitor/user and do not take note of any document or file from their computer. This usage data is not collected to be associated with identified individuals, but due to its nature, it could allow users to be identified through processing and linking to data held by third parties.
    This category of data includes the IP addresses or domain names of the computers used by users connecting to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numeric code indicating the status of the response from the server (successful, error, etc.) and other parameters related to the operating system and environment of the user’s computer. For more details about the data automatically collected through the use of cookies – or other similar tracking technologies – by our Website or by third party services used by this Website, please refer to the Company’s Cookie Policy.

The above data are stored in the Company’s records, which can be electronic files, letters, prescriptions, medical referrals, e-mails, customer satisfaction forms, photos, video recordings etc.

We may have your personal information because you have given it to us yourself or because we have learned it from someone else (e.g. your referring physician), either in the context of providing our services to you or in the context of our business in general, or because it is publicly available.

5. Purposes of the processing of personal data and the legal basis for the processing.

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and Law 4624/2019 and any other applicable legislation (indicatively) in order to:

  • exchange information about products and services before a contract is concluded (e.g. examination)
  • manage and process relevant queries in the provision of our services
  • perform a medical service/analysis described in a medical referral which we then place in our records
  • contact referring physicians for questions we may have about a referral they have issued or a request they have made to us as referring doctors (e.g. a request for medical results)
  • handle requests, but also complaints
  • provide access to the SlisWeb – Medical Results web application if you register with them as a physician or as a partner
  • process payments (customers, suppliers, partners)
  • comply with our legal, regulatory and other obligations (e.g. tax laws, accounting obligations, etc.) arising from the above activities
  • send you newsletters when you subscribe to our service
  • ensure the security of our facilities, networks and information as well as the safety of our staff, visitors and partners.
  • generate anonymous statistical analyses and reports concerning our operations or to be used for scientific research or published for statistical purposes.

In general, whenever we process personal data that you provide to us in the context of our Services, and depending on the case, we do so on the basis of one of the legal bases for such processing. In particular, we will only process personal data about Users if one of the following applies:

  • If the processing is necessary for our legitimate interests (or the interests of third parties) and your interests and your fundamental rights do not override these interests (Art. 6 par. 1 (f) GDPR), including. In such cases, we will protect your personal data at all times and in a way that is not disproportionate and respects your privacy rights and you will have the right to object as explained in the “Your Rights” section below;
  • If the use of your personal data is necessary in the context of the performance of a contract with the User and/or for any relevant pre-contractual obligations prior thereto (Art. 6 par. 1 (b) GDPR) including. In addition, based on the relevant cooperation agreement between us, we will process your personal data in order to comply with this agreement.
  • If the processing is necessary in the context of our compliance with obligations established by the applicable legal and regulatory framework to which our Company is subject (e.g. obligation to disclose information to law enforcement or tax authorities) (Art. 6 par. 1 (c) GDPR);
  • If the processing is based on the prior explicit consent of Users for one or more purposes (Article 6 par. 1 (a) GDPR) (e.g. where our Users consent to receive newsletters regarding all products and services offered by the Company), by virtue of your explicit consent and depending on the choice of cookies you make when visiting the

In any case, we are at your disposal in order to provide more specific information as to the legal basis applicable to each processing, so if you would like to know more about the legal basis for the processing of your personal data by us, please contact us at microanalysi@microanalysi.gr or directly to the Data Protection Officer appointed by our Company at dpo@microanalysi.gr.

 

MICROANALYSIS Newsletter

Our Website provides you with the opportunity to register your e-mail address in order to receive newsletters of the Company. If you give us your explicit consent for this purpose, we will use your Personal Data to send you periodically our newsletter, which contains news, updates and information about the products and medical services we provide, about any changes or new services, and about any of our events (conferences, seminars) or services that may be of interest to you. This may be done directly by MICROANALYSIS or through companies and other third parties who may provide relevant marketing services on its behalf. In this case, MICROANALYSIS may share your personal data with these partners.

To protect your rights and to ensure that you remain in control of the management of any marketing activities directed to you:

  • We will take steps to limit marketing to a reasonable and proportionate level and will only send you communications that we believe may be of interest to you.
  • If you no longer wish to receive our Newsletter, you can request that we no longer send you the relevant commercial communication by following the “unsubscribe” link that you will find in all the emails you receive from us. Alternatively, you can contact us at microanalysi@microanalysi.gr or directly to our Company’s designated Data Protection Officer at dpo@microanalysi.gr.

 

MONITORING SYSTEMS

During the execution of business activities and for reasons of security and protection of the Company’s premises and the employees, customers, partners, third parties and Company property, the Company monitors its facilities and premises by electronic means such as cameras around the perimeter of its buildings and at the entry and exit points or in high-risk areas such as laboratories, which has the indirect consequence of recording the movements of incoming visitors, employees, partners, etc.

The data recorded in these systems are kept in accordance with the law, while access to them is very limited and is only granted when a specific need arises (theft, security incident, etc.). For more information on our Company’s use of the Video Surveillance System, please see the form “Privacy Notice concerning the Processing of Personal Data by means of a Video Surveillance System”.

6. Disclosure of personal data

In the context of the general operation of our Website and in order to achieve the purposes described in the previous clause 5, your personal data are communicated internally within our Company, between its various departments, in order to produce the desired result and to receive the service you expect from us. This internal communication is done in a secure manner and on a need to know basis. Microanalysis staff is subject to a confidentiality obligation through a specific Confidentiality Agreement.

Further, your personal data will be available and may be shared with our third party service provider partners, who will act as authorised entities to process your personal data, always in a manner that ensures that your personal data and the information we collect about you are not subject to unlawful processing, i.e. not used for purposes other than those stated. In particular, we may send your personal data to:

  • Third party subcontractors and/or service providers who may provide technical, operational and commercial services on behalf of the Company, such as, but not limited to, hosting and management of the Website, technical support, accounting and tax services, newsletter delivery services, courier services, companies specialized in the transportation of biological materials, data analysis or other occasional support services, solely for the purpose of providing the above services to us, which third parties are considered as.
  • Other laboratories performing medical analyses of samples on our behalf as independent controllers
  • Our advisors (including financial, legal and other advisors) in the context of the legal operation of our Company.
  • To supervisory and control authorities and bodies and more generally public or private bodies, such as employment agencies, insurance agencies or companies and other regulatory authorities.
  • To social media or digital platform providers such as Google, Facebook, Twitter, LinkedIn when you use their forms or their embedded services.

In addition, we will respond to requests to disclose personal data when we are required to do so by law or when we believe that disclosure of the information is necessary to protect your rights and/or to comply with a judicial proceeding, court order, request from a regulatory authority or any other legal process that may be served on us.

Third Parties belonging to the above categories act, in some cases, with full autonomy as separate Data Controllers, while in other cases, they act in the capacity of a Data Processor specifically designated by the Data Controller in accordance with Article 28 of the Regulation. Where we share your data as Data Controllers with another Data Controller, that company’s use of that information will be subject to its own privacy policy. Microanalysis makes every effort to select partners that provide high quality, trustworthy, reliable, secure and safe services, but is not responsible for the use of information by these companies.

Other than in the above cases, your information will not be transferred or disclosed to third parties for marketing or other purposes.

7. Transfer of personal data outside the European Economic Area (EEA)

We process your personal data at our operational offices, and at any other place where any third parties involved in the processing, such as our service providers, are located. Depending on each User’s location, the transfer of data may involve transferring it to a country other than the country in which the User is located. If such a transfer takes place in a country outside the European Economic Area (EEA) and the third country does not provide an adequate level of security for personal data, personal data will only be transferred to that third country if an adequate level of data protection is ensured under a data transfer agreement or if the conditions expressly provided for by European and national law are met.

8. Children’s privacy

We do not knowingly collect any personal information from any person under the age of 16. If you are under the age of 16, please do not use or provide any information on or through any of the features of this Website and do not provide any information about yourself to us, including your name, address, telephone number or email address.

If we find that we have collected or received personal data from persons under the age of 16, we will delete this information immediately.

9. Data retention

We will retain your personal data for as long as reasonably necessary for the purposes for which it was collected, as described in this Privacy Notice. In general, subject to certain categories of personal data for which we have informed you that we retain for a specified period of time, we will retain your personal data for a period of five (5) years from the end of our relationship with Users or from our last communication with you. Without prejudice to the previous sentence:

  • Specifically for health data included in a medical record, the current Code of Medical Ethics provides for a minimum retention period of ten (10) years from the last examination performed for a specific patient.
  • Personal data collected for purposes related to the performance of a contract between the Company and the User will be retained until such contract is fulfilled.
  • Personal data collected for purposes relating to our legitimate interests will be retained for as long as necessary to fulfil those purposes.

We may be able to retain Personal Data for a longer period of time whenever the User has given us consent to such processing, provided that such consent has not been withdrawn or until you request us to delete or modify your personal information stored by us. Further, we may be required to retain Personal Information for a longer period of time whenever required to comply with a legal, regulatory, tax or accounting obligation or as mandated by an authority.

Once the retention period has expired, your data will be deleted. Therefore, the rights of access, deletion, rectification and portability of the data will not be exercisable after the expiry of the aforementioned retention period. Any statistical data contained in our analyses and reports will continue to be subject to use or publication as long as they contain only anonymous data.

10. Security

The Company applies all appropriate technical and organizational measures to ensure that processing is lawful and to ensure the protection of the rights of data subjects, the confidentiality of processing and the appropriate level of security against risks, using the most modern and advanced methods.  Our security measures are aimed at preventing and reducing any risk of unauthorized access, disclosure, modification, or accidental destruction of personal data appropriate to the nature of the information concerned. Where applicable, we use encryption and other technologies that can help secure the information you provide. We also always require our service providers to comply with strict data protection and security obligations. Although we take all reasonable steps to protect your personal data, as the security of information is also dependent in part on the security of the computer you use to communicate with us and the protection systems you use, you accept the inherent security risks of Internet transactions and you will not hold MICROANALYSIS or its processors responsible for any data breach unless it is due to our negligence. To best protect your personal data outside of our control, your device should be protected (e.g. by up-to-date anti-virus systems) and your Internet service provider should take appropriate measures to secure network data transmission (such as, for example, firewall and anti-spam filtering).

11. Your rights

In relation to the processing purposes described herein, as a visitor, you will be able, as provided by the GDPR, to exercise the rights enshrined in Articles 15 to 21 thereof, namely:

 

Right to information: We must provide you with all necessary information about the processing to which we subject your data, such as, but not limited to, what data we process, for what purpose and for how long we keep it, in a concise, transparent, intelligible and easily accessible form, using clear and simple wording.
Right of access: You have the right to obtain confirmation from us as to whether or not your personal data is being processed and, if so, you have the right to access that data and to obtain a copy of the data being processed. In particular, you have the right to access the following information: purpose of the processing, categories of personal data processed, recipients to whom they have been or will be communicated, period of data retention or criteria used, rights of the data subject (rectification, erasure of personal data, restriction of processing and right to object to processing), right to obtain information on the origin of personal data and right to be informed of the processing.
Right to rectification: You have the right to verify the accuracy of your data and to request, without undue delay, the correction of inaccurate personal data and the completion of incomplete data.
Right to erasure: You have the right, under certain conditions, to request the erasure of personal data concerning you when the data are no longer necessary for the purposes for which they were collected or processed, or you have withdrawn your consent and there is no other legal basis for the processing, or you have successfully objected to the processing of your personal data, or the data were processed unlawfully, or the data must be erased in order to comply with a legal obligation.
Right to restrict processing: You have the right, under certain conditions, to obtain from us the restriction of processing.
Right to object: You have the right to object, at any time, to the processing of personal data concerning you. We will in this case have to stop the processing, unless we demonstrate compelling legitimate grounds which override your interests, rights and freedoms as a data subject or for the establishment, exercise or defence of legal claims.
Right to human intervention in the context of a decision through an automated procedure: You have the right to ask us not to subject you, where applicable, to a decision-making process based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way.
Right to portability: You have the right to ask us to receive your personal data in a structured, commonly used and machine-readable format, or to transfer it to another provider without objection. This provision applies provided that the Data is processed by automated means and that the legal basis for the processing is the User’s consent, or a contract to which the User is a party or as part of any relevant pre-contractual obligations.
Right to withdraw consent: You have the right to withdraw your consent at any time if consent is the legal basis for the processing of your personal data.
Right to complain: You have the right to lodge a complaint with the Supervisory Authority if you consider that the processing of your personal data violates applicable law: Data Protection Authority, Kifissia 1-3, P.C. 115 23, Athens, tel: 2106475600. Website for filing a complaint: www.dpa.gr. However, we would greatly appreciate it if you would give us the opportunity to address your concerns before approaching the Data Protection Authority and therefore please contact us in the first instance using the contact details provided in this Statement.

 

12. Exercising your rights

For further information about your rights and to exercise any of them, please contact us by e-mail at microanalysi@microanalysi.gr or by sending a letter to MIKROANALYSI – IDIOTIKA IATRIKA DIAGNOSTIKA ERGASTIRIA – IATRIKI ATHINON ANONYMI ETAIREIA, Al. 104 Panagouli and 2 Tymfristou, Agia Paraskevi, Attica 153 43 or 7 Ag. Alternatively, you can call +30 2106006900, (fax) +30 2106006902 or contact directly the Data Protection Officer appointed by our Company at the email address dpo@microanalysi.gr. Generally, a response to your requests will be provided within one (1) month from when we received your request, but if the request requires more time we will inform you accordingly (within one month). Please note that we may request further information to confirm the identity of the person concerned.

The exercise of your rights as an interested party is free of charge in accordance with Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive claims, even because of their repetitive nature, the Company may charge you a reasonable contribution to the costs, in view of the administrative costs of handling your request or refusing to grant your request.

If you have any complaints or questions regarding the processing of your personal data, please contact us by email at microanalysi@microanalysi.gr or directly to the Data Protection Officer appointed by our Company at dpo@microanalysi.gr.