GDPR

Safeguarding your personal data has always been a priority for us. On 25 May 2018, the new General Data Protection Regulation came into force, according to which new rules concerning data protection apply. Our company, respecting the need for increasingly effective protection of your personal data, is taking all necessary steps to fully comply with the new legislation.

The personal data to which our laboratory has access with your consent are: full name, patronymic, gender, date of birth, address, e-mail, social security number, telephone number, dates of visit, results of paraclinical examinations, and any clinical symptoms or treatment followed which affect the tests carried out.

Your personal data and the results of your examinations are collected in the context of keeping medical records (article 14 of the Code of Medical Practice), and are stored electronically, as required, for 10 years from your last visit (article 14 of the Code of Medical Practice). These records will be accessible from all the branches of our laboratory, so that you can retrieve or consult them at whichever branch you wish.

Your personal data and your test results will not be passed on to third parties. If the examinee so wishes and consents, the tests may be sent to the referring or treating physician for co-evaluation with clinical data.

What are my rights to my data?

With regard to your personal data, you have the right to:

  • be informed about their processing
  • gain access to them
  • request the correction of incorrect, inaccurate or incomplete personal data
  • request their deletion when they are no longer necessary or if the processing is unlawful
  • object to their processing for marketing purposes or for reasons relating to your particular situation
  • request restriction of processing in specific cases
  • receive your data in a machine-readable format and send it to another controller (“data portability”)
  • make a request so that decisions based on automated processing, which concern or significantly affect you and are based on personal data, are made by natural persons and not only by computers. You also have the right in this case to express your views and to challenge the decision.

If you wish to correct your personal data or exercise your rights, or if you have any questions regarding the processing of your data, you can send an e-mail to: p.drakopoulo@gmail.com
Below we will present some important points of the new regulation, but you can read the full text at the following link: https://eur-lex.europa.eu

General Data Protection Regulation (GDPR)

This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

Personal data are information relating to an identified or identifiable living individual. Examples of personal data: first name and surname, home address, postal address, e-mail address, identification document number (e.g. ID number, passport, driving licence, etc.), IP address, data held by a hospital or doctor.

There are categories of personal data that are considered ‘sensitive’ and subject to specific processing conditions, such as: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data processed solely for the purpose of identifying an individual, health-related data, data concerning an individual’s sex life or sexual orientation.

The GDPR protects personal data regardless of the technology used to process it. It is technology neutral and applies to both automated and manual processing. The term “processing” covers a wide range of operations and includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction of personal data.

Data shall be stored for the minimum period possible. This period should take into account the reasons why the company or organisation needs to process the data, as well as any legal obligations to keep the data for a specific period of time (e.g. 10 years of keeping medical records from the date of the last visit – Article 14 of the CPC).

Any company or organisation may process personal data only in the following cases: (1) with the consent of the individuals concerned; (2) if there is a contractual obligation (a contract between the company or organisation and the data subject); (3) if there is a legal obligation to keep the data for a specific period of time (e.g. 10 years from the date of the last visit – Article 14 of the CPC).

What are my rights to my data?

With regard to your personal data, you have the right to:

  • be informed about their processing
  • gain access to them
  • request the correction of incorrect, inaccurate or incomplete personal data
  • request their deletion when they are no longer necessary or if the processing is unlawful
  • object to their processing for marketing purposes or for reasons relating to your particular situation
  • request restriction of processing in specific cases
  • receive your data in a machine-readable format and send it to another controller (“data portability”)
  • make a request so that decisions based on automated processing, which concern or significantly affect you and are based on personal data, are made by natural persons and not only by computers. You also have the right in this case to express your views and to challenge the decision.

To exercise your rights, you should contact the company or organisation that processes your data. If the company or organisation has a Data Protection Officer (DPO), you can submit your request to them. The company or organisation must respond to your requests without undue delay and at the latest within one month. If it does not intend to comply with your request, it must state why. You may be asked to provide information to confirm your identity (for example, to click on a verification link by filling in a username or password) in order to exercise your rights. These rights apply throughout the EU, regardless of where the data is processed and where the company is based. These rights also apply when you buy goods and services from companies based outside the EU but operating in the EU.

For any questions, you can contact us.
