Affidea is a medical service provider with high ethical standards. The terms "Affidea" ("we" or "us" or "our") refer to "AFFIDEA HOLDINGS GREECE LIMITED COMPANY", which is based at 122 Vouliagmenis Av., Elliniko, as well as its subsidiary companies, providers of medical services.
1. Legal basis for processing your personal data
We are legally bound to protect and process your personal data securely. Our medical professionals are bound by professional duty of confidentiality.
1.1. It is necessary for us to make use of your personal and medical data in order to provide you with the required medical services.
The processing of your basic personal data (e.g. name and contact details) is necessary to schedule your appointments and to perform the medical services you need. The contract for the provision of medical services is the legal basis for the processing of your basic personal data.
Your health data covers information related to your health (e.g. information about a requested diagnosis/treatment and our own medical assessment/evaluation). Providing you with a medical diagnosis and/or medical treatment creates the legal basis for us to process your health data.
If you are in an emergency or life-threatening situation, we will use your medical data to protect your health and well-being, and to protect your vital interests.
1.2. We are constantly improving our services.
At Affidea we are always looking for better ways to provide our services.
If you do not object to us contacting you after your visit about your comments/observations about your experience, your participation in the satisfaction survey is optional and will not affect our service to you. If you do not object, we will also evaluate the use of our services by analyzing data we have collected about you in order to find new ways to provide improved services (for example, observing the residence of our respondents in order to decide whether to open a new medical center). We do this in accordance with our legitimate interests to understand what we can improve.
1.3. You can also voluntarily consent to the following Affidea's privileged processing activities if you wish. By selecting the relevant field in the corresponding part of your "data protection declaration" you can voluntarily consent to the following at no additional cost.
A) Anonymization of your data to improve our medical services
We are committed to continuously improving our medical services. We kindly ask for your cooperation by allowing us to anonymize a copy of your personal data in order to use it for research and development purposes. Anonymization describes a procedure regarding personal data (or a set of personal data) that makes it completely impossible to identify the person to whom the personal data relates. This way, you remain anonymous.
In the area of research and development we intend to collaborate with other healthcare and information technology professionals and to exchange data (once it has been fully and irreversibly anonymized). Your anonymized data will not be used for any other purpose and do not include any identifiable information.
B) Informational communication with you
We would like to inform you about our news and the services we provide so that you can benefit from our personalized medical services. If you agree to be contacted using personalized communication, you may also receive reminders if a re-examination is deemed necessary.
If you later change your mind about this, you can withdraw your consent(s), which will not have any negative impact on the healthcare provided by us.
2. The data we process
During your relationship/partnership with Affidea, we receive your personal data from three sources: (1) from you, (2) from others, and (3) in the course of our medical activity.
(1) In order to provide you with medical care services, we ask you to provide us with your basic personal data (in particular your personal information resulting from your identity), your payment and insurance information (data necessary to pay for our services) and medical data (in particular information about your state of health). If you decide to share previous imaging and medical reports for our use, we will store and process them in our systems for the purpose of your medical diagnosis and/or medical treatment. If you voluntarily provide contact information of your loved ones or family members, it will only be used when we are unable to contact you or in an emergency.
2) We collect personal data from others in the following cases:
a) If you are referred to our clinic by a health care provider (private practitioner or hospital), we inform that person about your health condition and/or your treatment, if you consent or this is absolutely necessary to provide you with the medical service.
b) If the medical diagnosis and/or medical treatment we provide is paid for by a medical insurance provider (public or private), we must check your insurance coverage before providing the medical service to you.
(3) When we provide medical diagnosis and/or medical care, we create data about your health. As a medical service provider, Affidea is required by law to document the service provided to you in writing and to maintain the relevant medical record.
(4) For informational and marketing communications with you, we will collect your basic personal and contact information (name and surname, address, mobile phone and e-mail).
For more information about the data we process, see this Appendix or contact one of the secretariats of our diagnostic centers.
3. How long we keep your data
Affidea retains your personal data for a period necessary to provide medical services and to comply with applicable medical, tax, accounting or other legal requirements. That is, your personal and medical data are kept in our records for a period of ten (10) years after your last visit to one of our diagnostic centers while your financial and insurance details are kept in our records for twenty (20) years, as provided for in Greek tax legislation.
If our legal obligation to retain your data ends, we will delete your data or anonymize it (as explained above). Affidea will not delete your data if an alternative legal basis for its retention arises, for example, Affidea's legitimate interest to defend against claims. If this happens, we will contact you.
For more information about the data we process, see this Appendix or contact one of the secretariats of our diagnostic centers.
4. Who we share your data with
During your relationship with Affidea, we share your personal data with three different recipients: (1) with our service providers, (2) with providers independent of us, and (3) with third parties in the event that you ask us to.
1) Affidea uses service providers (so-called data processors) to help process the personal information we receive and create (for example providers of medical and accounting software and equipment, contracted doctors). Data processors act on behalf of Affidea under our written instructions. We only share your data that is absolutely necessary.
2) We share your personal data with third parties (i.e. recipients independent of us) in the following cases:
a) If required by law.
b) If we need to fulfill our obligations in cooperation with a healthcare professional or an insurer with whom you have entered into a contract.
c) If the protection of a vital interest of yours requires it, we will share your health data with other professionals in the industry or your relatives in cases of emergency.
We only share your data that is absolutely necessary.
3) You can request that we send your medical data to your referring doctor or your family doctor. If you ask us to share your data with someone, we recommend that you first investigate how and why that person will process your personal data. The processing activities of third-party recipients are beyond our control and responsibility. If you want us to share your medical data with other doctors, please consult one of our secretariats about the available means of transmitting this data.
For more information about the recipients of your personal data, see this Appendix or contact one of the secretariats of our diagnostic centers.
5. International Data Transfers
We may need to share your personal data with recipients located outside Europe. This transfer takes place safely as we assure you (1) that the host country is covered by the European Commission's suitability guarantees and (2) that the so-called Binding Corporate Rules or established/standard EU contracts are respected. If we need to transfer your data in a country not covered by the European Commission's guarantees of suitability, we will inform you in advance of this transport.
For more information about the position/location of your personal data, please contact one of the secretariats of our diagnostic centers.
6. The safe keeping of your data
Keeping your data safe is our priority. Your personal data is stored securely by us or by our carefully selected service providers. When our service providers process medical data on our behalf, we require a high level of protection, which is reflected in a written contract.
We ensure that very strict security measures are in place to safeguard your personal data from loss and misuse, as well as unauthorized access or transfer.
7. Your Rights
Under data protection law you have the following rights:
7.1 The right to request access to your personal data. This means that you have the right to know that your data is being processed and that you have the right to access your personal data processed by us and to provide you with information about what Affidea is doing with your personal data.
7.2. The right to request the correction of your personal data. This means that you have the right to correct or complete your personal data if it is inaccurate or incomplete.
7.3. The right to request erasure of your personal data. This means that you have the right to delete your personal data in certain cases, if there is no legitimate reason for the continued processing.
7.4. The right to ask us to restrict processing. This means that you can request to "opt out" of the processing of your personal data. Your valid request will mean that we will be able to store your personal data, but not process it further.
7.5. The right to data portability. It allows you to access and reuse the personal data you have provided us for your own purposes and across various services. You have the right to easily receive and transfer an electronic copy of your personal data and ask us to transfer it to another controller.
7.6. The right to object to the processing of your personal data. You have the right to object, for reasons related to your specific situation, at any time to the processing of your personal data based on our legitimate interest (see Section 1.2. herein). You can also object to the use of your personal data for direct marketing purposes.
If you wish to exercise your rights or wish to receive more information about your above rights, please contact one of the secretariats of our diagnostic centers or contact our Data Protection Officer (e-mail: dpo.gr@affidea.com.
We will respond without delay and in any case within one month of receiving your request. This deadline may be extended by two months further if necessary, taking into account the complexity of the request and the number of requests. The controller will inform you of any extension within one month of receiving your request, as well as for the reasons of the delay.
8. Data Processing Impact Assessment (DPIA)
As the controller of your personal data, we are bound by the GDPR (EU 2016/679) and national legislation to take all necessary measures and proceed with all actions that ensure security when processing your data. We regularly conduct an Impact Assessment, identifying and mitigating the risks involved in the processing of personal data and implementing best practices to mitigate these risks.
9. Breach of Personal Data
We take all the necessary technical and organizational measures to minimize the possibility of a breach of your personal data. However, if an incident of violation takes place, we follow the procedure provided by Greek and European legislation for handling the incident, informing the competent national Authority and informing the data subjects. In the event that you become aware of a breach of your personal data, please inform us without delay at the e-mail: dpo.gr@affidea.com.
10. Disclaimer for Third Party Sites
We inform you that in case that Affidea's websites contain links that redirect you to third-party websites, Affidea does not control and is not responsible for the content of these websites, nor does it have any responsibility for the possible processing of your personal data by them.
11. If you have further questions
If you have any questions or would like more information about the processing of your data, you can contact Affidea’s Data Protection Officer (e-mail: dpo.gr@affidea.com, postal address: 122 Vouliagmenis Street, Elliniko, TK 16777, tel.: 2130900925) or contact one of the secretariats of our diagnostic centers.
If you are not satisfied with the information, we will provide you or if we do not satisfy your request, you can contact the Greek Data Protection Authority (e-mail: contact@dpa.gr, 1-3 Kifissias Ave., Athens TK 115 23, tel.: 2106475600).
Last revised: February 2023
Below you will find further information regarding the people with whom we share your data. We only share your data with other recipients if absolutely necessary.
Below you can also find further information about the type of data we process for various purposes (as outlined in sections 1.1 - 1.3. above) and how long we keep your data for these purposes.
