Privacy Policy – GA Plastic Surgery

INFORMATION ON THE PROCESSING OF PERSONAL DATA (In accordance with Regulation (EU) 2016/679 and Greek legislation) For the Medical Center for Plastic Surgery GA Plastic Surgery (hereinafter referred to as the “Medical Center”), which operates under the name “PRIVATE MEDICAL CENTER” “SINGLE-SOLE MEDICAL COMPANY LIMITED LIABILITY ATHENS GIANNOPOULOU” and the legal entity “FACES PLASTIC SURGERY” (“Data Controller”) under the supervision of plastic surgeon Dr. Athina Giannopoulou and is based in Thessaloniki (24 Adrianoupoleos Street, Postal Code 551 33, Kalamaria, with VAT number 998098609, tel. +30 2310 440890 and email address web@gaplasticsurgery.eu), respecting and protecting your personal data, as well as keeping you informed, is our commitment. Privacy and safeguarding your personal data in the sensitive area of plastic surgery, both reconstructive and aesthetic, are our primary concern and a trademark of our Medical Center. Where personal medical data, as well as medical treatments, diagnoses and methods are mentioned below, we refer both to the personal data of our patients in the field of plastic surgery, as well as in the context of the aesthetic services we offer to our clients in general. At GA Plastic Surgery, we ensure that your personal data is collected and retained for the necessary time, for specified, explicit and legitimate purposes, is processed lawfully and fairly in a transparent manner and in a manner that guarantees their integrity and confidentiality. We ensure that these data are always appropriate, relevant, adequate and no more than is required in view of the purposes mentioned below, are accurate and, if necessary, are updated. For all the above reasons, we follow this Personal Data Protection Policy, which complies with the current legislative framework on the protection of personal data, in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, in combination with national and other EU legislation.

THE PERSONAL DATA WE PROCESS – PURPOSE OF PROCESSING

In accordance with the applicable legal framework, GA Plastic Surgery Medical Center collects and processes personal data of patients/clients, for the following purposes and only to the extent strictly necessary to effectively serve these purposes. The personal data we process, depending on our relationship, the services requested and the purpose of their collection, include:

Plain personal data:

Identification and contact information: We collect your simple personal data, such as, where applicable, your name, address, Social Security Number, Social Security Number and general contact information (including your email address and telephone number), which are necessary for your identification, our communication with you, the satisfaction of any of your requests, as well as for the purposes of providing the requested medical etc. service. Your email address may also be used to send you newsletters and promotional activities, provided that you have given us your express consent.
Billing information: We collect your information, such as, for example, name, VAT number, residential address, etc., which are necessary for the issuance and payment of the corresponding tax information – documents,
Payment transaction and payment service data: This data, such as bank card information, bank account details for e-banking transfers, etc., is collected either by you or by the payment service provider you have chosen, for the purpose of paying for the services provided by us. In these cases, the transmission of your data by the Medical Center is considered to be done at your request to the transmitting provider, who is responsible for their completeness and accuracy. Your credit card details are not archived and cannot be used for any other purpose than those mentioned above.
Image data from the video surveillance systems of the Medical Center premises, where there are the relevant markings according to the law, for the purpose of protecting persons and material goods. We only collect image data and limit the recording to areas where we have assessed that there is an increased possibility of committing illegal acts, e.g. theft, without focusing on areas where the privacy of the persons whose image is taken may be excessively restricted, including their right to respect for personal data. For more information, see “Information on the processing of personal data through a video surveillance system“.

Special categories of personal data:

Health data: GA Plastic Surgery Medical Center collects health data and information from patients/clients, such as: clinical symptoms, medical treatments you have received, your personal medical history, the medication you are taking, your family medical history, previous hospitalizations, performance of medical or diagnostic procedures or paraclinical examinations, other information about medical services and procedures that were not performed by the Medical Center, but were reported to us either by you or by third parties (medical file), etc.

This information is collected to help us have a comprehensive medical picture of you, so that we can provide you with excellent medical care and treatment and the full range of medical and other services that will be deemed appropriate for your diagnosis, treatment and management in general. This data is part of your medical health file and is processed exclusively for the purposes for which it was provided, as well as for the continuity and sequence of your medical monitoring, in the event that we need to see you again or you receive health care again within the framework of the services provided by our Medical Center. Your health file or patient/client file is the file that collects all the information recorded in each of your contacts with any health/aesthetics professional who collaborates with the Medical Center and is created for each of our patients/clients, to support their assessment, diagnosis and treatment, the continuity of the care provided by us, the clinical exchange of information, the safety and improvement of the health care provided and to satisfy the requirements set by the applicable legislation. In addition to the patient/client, the right to access the patient/client file and to be provided with a copy of it is granted to any legal representative of the patient/client, as well as to a person specifically authorized by the patient/client. Exceptionally, the patient/client’s medical file data may be used in cases where it is deemed necessary to recognize, exercise or defend a right of the patient or the doctor/collaborator involved in cases concerning medical liability and the provision of health services in general, as well as legal claims for the services provided by the Medical Center, if this is provided for or permitted by the relevant legislation.

Photographic material/video recordings: GA Plastic Surgery Medical Center collects and processes your photographs and/or video recordings, as appropriate, concerning, on the one hand, the stage before the application of the invasive or non-invasive method or other treatment, and on the other hand, the stage after the application. This material is necessary first of all for the proper maintenance of your medical health file, as an element of your medical history, while it can also be used for other purposes, which do not directly concern your medical file, such as, for example, statistical purposes, research and clinical study purposes, for academic purposes, etc. and on the condition that the identification of the patient/client is not possible, otherwise your explicit consent will be required.

Other sensitive personal data: The Medical Center may collect other types of sensitive personal data, such as data relating to your religious or philosophical beliefs, genetic data, etc., upon your consent and request, with the sole purpose of improving the service provided, targeted and personalized diagnosis and treatment and only within the context of the service requested by you.

LEGAL BASIS FOR PROCESSING

GA Plastic Surgery Medical Center may process your personal data if the processing is necessary for at least one of the following cases (legal bases for processing), namely:

for the execution of the contract/mandate between us and the proper and complete provision of services by the Medical Center (art. 6 par. 1b GDPR)
in order to comply with our legal obligation (art. 6 par. 1c GDPR and art. 9 par. 2b GDPR)
for the purposes of our legitimate interests and/or legal claims, including the protection of the legitimate rights and interests of the Medical Center. This processing based on our legitimate interests is preceded by a weighing up of whether your interest or fundamental rights and freedoms that require the protection of your data do not prevail over the interests of the Medical Center (art. 6 par. 1f GDPR)
when you have given your explicit consent (art. 6 par. 1a’ and art. 9 par. 2a’ GDPR)
to protect your vital interests or those of another natural person (art. 6 par. 1d’ and art. 9 par. 2c’ GDPR)
for the purposes of preventive or occupational medicine, medical diagnosis, provision of healthcare or treatment (art. 9 par. 2 GDPR)
for scientific or historical research purposes or for statistical purposes, which are proportionate to the intended purpose (art. 9 par. 2j GDPR)
for the establishment, exercise or defense of legal claims (Art. 9 para. 2f GDPR)

RECIPIENTS OF YOUR PERSONAL DATA

GA Plastic Surgery Medical Center may, on a case-by-case basis – and only if and to the extent necessary for the above-mentioned purposes – transmit your personal data to collaborating physicians, collaborating medical centers and providers of health and aesthetic services, specialized physicians, aestheticians, suppliers of medical materials and equipment, providers of IT products and services, as well as support of all kinds of information and electronic systems and networks, security system companies, courier companies, employees/employees and other partners, who provide independent services to GA Plastic Surgery Medical Center and act on our behalf and at our instruction. Your personal data transmitted are only the minimum and absolutely necessary for the purpose of each processing, as stated above.
For tax reasons relating to the payment of the service provided by us and the issuance of the corresponding tax item/document, the Medical Center transmits your personal data absolutely necessary for each transaction and act to collaborating accountants/accounting – tax offices, as well as credit/debit card providers for the processing of payment on your behalf, using cards.
GA Plastic Surgery Medical Center, within the framework of applicable legislation, may, where appropriate, transmit your absolutely necessary personal data for the execution and proper functioning of the contracts between us, to safeguard our legal interests in terms of the collection and repayment of debts that have arisen, as well as any other of our legal rights and legal claims to law firms, accounting/tax firms and accountants/tax experts, notaries and bailiffs.
GA Plastic Surgery Medical Center may, where appropriate, transfer your personal data to hospitals, medical/diagnostic centers, private clinics, doctors and other healthcare providers for medical purposes, as well as for purposes related to the execution of the contract between us, the fulfillment of legal obligations and the safeguarding of vital interests, such as the protection of your life and integrity or upon your consent.
Your personal data may also be transferred to public insurance institutions within and outside the European Union, in accordance with your legal relationship with them, for social security purposes and to comply with a relevant legal obligation. In the event of transfer to private insurance institutions, the transfer takes place with your explicit consent.
GA Plastic Surgery Medical Center, in accordance with the current legislative framework, may have a legal obligation to transmit personal data concerning you, as the case may be, to the competent police, judicial, administrative, tax and other public authorities and bodies within and outside the European Union, upon their valid request, without prior notification to you.

GA Plastic Surgery Medical Center ensures and guarantees that the personal data we transmit is always appropriate, relevant, appropriate and no more than is required in view of the above-mentioned purposes. The Medical Center’s associates/employees/agents are “processors” on our behalf and do not process your data in any way, beyond the above purposes of transmission, take the same measures to protect your personal data as the Medical Center and process your data only within the framework of our explicit and written, where required, instruction. We always take care and control of our employees and associates, so that they have the appropriate training and take the same measures to protect your personal data as we do during the relevant processing, always subject to compliance with the security and confidentiality conditions.

PROCESSING OF PERSONAL DATA OF MINORS

GA Plastic Surgery Medical Center undertakes not to process personal data from individuals under the age of eighteen (18) years, without having previously obtained the consent of the person exercising parental responsibility for the child (parent or guardian).

RETENTION PERIOD OF YOUR PERSONAL DATA

Όταν σας παρέχουμε υπηρεσίες υγείας διατηρούμε τα προσωπικά σας δεδομένα (απλά και ειδικών κατηγοριών) για όσο χρονικό διάστημα ορίζει η σχετική νομοθεσία. Συγκεκριμένα, όπως ορίζει ο Κώδικας Ιατρικής Δεοντολογίας (Ν.3418/2005, ΦΕΚ Α 287/28.11.2005) «Άρθρο 14 ΠΑΡ. 4 : Η υποχρέωση διατήρησης των ιατρικών αρχείων ισχύει: α) στα ιδιωτικά ιατρεία και τις λοιπές μονάδες πρωτοβάθμιας φροντίδας υγείας του ιδιωτικού τομέα, για μία δεκαετία από την τελευταία επίσκεψη του ασθενή και β) σε κάθε άλλη περίπτωση, για μία εικοσαετία από την τελευταία επίσκεψη του ασθενή.» Όταν σας παρέχουμε υπηρεσίες αισθητικής διατηρούμε τα προσωπικά σας δεδομένα για μία δεκαετία από την τελευταία επίσκεψή σας, εκτός και εάν πρόκειται για δεδομένα υγείας, οπότε ισχύουν τα αναφερόμενα στην παραπάνω παράγραφο . Εάν μετά τη λήξη των δέκα (10) ή είκοσι (20) ετών βρίσκονται σε εξέλιξη δικαστικές ενέργειες με το Ιατρικό Κέντρο ή οποιαδήποτε συνδεδεμένη με αυτήν εταιρεία ή συνεργάτη, που σας αφορούν άμεσα ή έμμεσα, ο εν λόγω χρόνος τήρησης των προσωπικών σας δεδομένων θα παρατείνεται μέχρι την έκδοση αμετάκλητης δικαστικής απόφασης. Όταν θα πρέπει να συμμορφωθούμε με μια νομική ή κανονιστική υποχρέωση (π.χ. εκ της φορολογικής, κοινωνικοασφαλιστικής νομοθεσίας κλπ), διατηρούμε τα προσωπικά σας δεδομένα τουλάχιστον για όσο διάστημα απαιτείται για να συμμορφωθούμε με την εν λόγω υποχρέωση. Αναφορικά με τα προσωπικά δεδομένα, που συλλέγονται κατά την εγγραφή σας σε φόρμες επικοινωνίας, ενημερωτικά δελτία, ή/και στις προωθητικές μας ενέργειες διατηρούνται μέχρι την στιγμή που μας δηλώσετε ότι δεν επιθυμείτε πλέον να λαμβάνετε από εμάς ενημερωτικά δελτία ή/και προωθητικό ενημερωτικό και διαφημιστικό υλικό. Αναφορικά με τα δεδομένα εικόνας που συλλέγονται από τα συστήματα βιντεοσκόπησης των χώρων του Ιατρικού Κέντρου, διατηρούνται για χρονικό διάστημα 7 ημερών, μετά την πάροδο των οποίων διαγράφονται αυτόματα. Σε περίπτωση που στο διάστημα αυτό διαπιστώσουμε κάποιο περιστατικό, απομονώνουμε τμήμα του βίντεο και το τηρούμε έως και έναν (1) μήνα ακόμα, με σκοπό τη διερεύνηση του περιστατικού και την έναρξη νομικών διαδικασιών για την υπεράσπιση των εννόμων συμφερόντων μας, ενώ αν το περιστατικό αφορά τρίτον θα τηρήσουμε το βίντεο έως και τρεις (3) μήνες ακόμα.

GUARANTEES – SAFETY MEASURES

GA Plastic Surgery Medical Center takes all appropriate physical, technical and organizational measures to protect your personal data, in accordance with the applicable legislative framework and utilizing modern technological capabilities. The Medical Center guarantees the protection of your personal data from all types of malicious attacks, while at the same time we ensure that we limit access to your personal data to only those employees and partners who need to know this data in order to provide benefits or services to you. In addition, we constantly inform and train our staff and partners on the importance of confidentiality, privacy and maintaining the security of your personal data.

YOUR RIGHTS

The legislation on the protection of personal data provides you with the following rights, which you can in principle exercise free of charge, using the relevant Data Subject Rights Exercise Form and based on the provisions of the applicable legislative framework:

Right of access, i.e. your right to be informed about which of your data, which we have collected directly from you or third-party sources, are being processed by the Medical Center, the purposes and legal basis for their processing, any recipients or categories of recipients of your personal data, the time of their storage and retention, as well as the rights granted to you by the relevant legislation and detailed in this section.
Right to correct any inaccurate personal data of yours, so that it becomes accurate, as well as to complete incomplete information, by submitting to the Medical Center a relevant statement with your accurate and complete personal data.
Right to erasure of your personal data in the following cases: i. when your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, ii. when you withdraw your consent on which the processing of your personal data was based and there is no other legal basis for the processing. iii. when your personal data have been processed unlawfully, iv. when the obligation to erase your personal data is provided for by law, v. when personal data of a child have been collected with the provision of information society services, following his consent or the consent is provided by the person who has parental responsibility for the child
Right to restrict the processing of your personal data, in the following cases: i. when you dispute the accuracy of your personal data and until the Medical Center verifies their accuracy, ii. when instead of deletion, due to unlawful processing you request the restriction of the processing of your personal data, iii. when the Medical Center no longer needs your personal data for the purposes of processing, but these personal data are required by you for the establishment, exercise or support of legal claims
Right to object to the processing of your data, unless there are compelling and legitimate reasons for the processing, which override your interests, rights and freedoms or for the establishment, exercise or support of legal claims of the Medical Center,
Right to portability, i.e. your right to receive and transmit to another Data Controller your personal data, which you have provided to the Medical Center in an appropriate format, to the extent that this is technically feasible and provided that the processing of your personal data has taken place with your consent or was necessary for the performance of the contract between us.
Right to withdraw your consent (without retroactive effect), which you have provided for an issue related to the protection of simple personal data and health data.

It is noted that the above rights may be limited due to legal obligation, such as in the case where you request the deletion of data, while we are obliged to retain them based on legislation, e.g. tax, medical, etc. or for the exercise of legal claims. Also, your rights to delete personal data, to object or limit the processing thereof, may not be satisfied, partially or fully, if they concern data that are necessary for the preparation and/or continuation of the operation of the contract/mandate between us, regardless of the source of their collection. To exercise your above rights and to resolve any questions regarding the applicable legislation on personal data, you can contact the Medical Center as follows:

via the electronic contact form at web@gaplasticsurgery.eu
by letter to the Medical Center for Plastic Surgery GA Plastic Surgery at the postal address: 24 Adrianoupoleos Street, Kalamaria Thessaloniki, ZIP Code 551 33,
by phone to our call center: +30 2310 440890

The Medical Center will respond to your request free of charge, without delay and in any case within one month of receipt of the request, except in exceptional cases, in which case the above deadline may be extended by two more months, if necessary, taking into account the complexity of the request and/or the number of requests. The Medical Center will inform you of any extension within one month of receipt of the request, as well as of the reasons for the delay. If it is not possible to satisfy your request, the Medical Center will inform you without delay and at the latest within one month of receipt of the request, of the relevant reasons and of the possibility of submitting a complaint to the Personal Data Protection Authority, as well as of your right to appeal before the competent judicial authorities. If your request is deemed by the Medical Center to be manifestly unfounded or excessive, it may, in accordance with the relevant legislation, impose the payment of a reasonable and proportionate fee, taking into account the administrative costs for its satisfaction, or refuse to follow up on your request.

Right to complain – legal recourse

If you consider that the processing of your data violates Regulation (EU) 2016/679, you have the right to file a complaint with a supervisory authority. The competent supervisory authority for Greece is the Data Protection Authority, Kifissias 1-3, 115 23, Athens, https://www.dpa.gr/, tel. 2106475600. You also have the right to appeal to the competent judicial authorities for the protection of your personal data. USE OF COOKIES In addition to what we mention above, the Medical Center may collect identification data of the Users of the Website, using corresponding technologies, such as cookies and/or the tracking of Internet Protocol (IP) addresses. Cookies are small text files that are stored on each User’s hard drive and do not take knowledge of any document or file from their computer, they are used to facilitate the User’s access to the use of specific services and/or pages of the Website for statistical purposes and in order to determine which areas are useful or popular. Two types of cookies are used on this Website: (a) “browsing” cookies – these are temporary cookies that remain in the cookies folder of your browser for as long as the User is connected to the Website and (b) “persistent” cookies – these remain in the cookies folder of the browser used by the User for much longer (although how long depends on the lifespan of the specific cookie). Browsing cookies are used to improve the User’s navigation on the Website and to collect aggregate statistical information. This aggregated statistical information is used for internal purposes only by the Medical Center and will not be provided to third parties. Persistent cookies are used on the Website to store information on the User’s computer for various purposes, including, but not limited to, retrieving specific information that the User has previously provided (e.g., password details), determining which areas of the Website Users find most interesting, and customizing the Website according to the User’s preferences. This information may also include the type of browser used by the User, the type of computer, its operating system, Internet service providers, and other such information. The User of the Website can configure his/her web browser in such a way that it either warns him/her about the use of cookies in specific services, or does not allow the acceptance of the use of cookies in any case. Each User’s computer receives an IP address each time he/she accesses the Internet. Through this, the User’s computer can receive and send data. Generally, each time the User connects to the Internet, the User’s IP address changes. However, under some conditions (e.g. with some broadband connections) the User’s IP address becomes fixed. A fixed IP address can be associated with the specific User’s computer and therefore can lead to personal information of the User. Web log information is non-personal information collected by the computer hosting the website each time a User visits it.

Examples of the type of information that may be collected using the IP address and/or web log information include details of the date and time of your visit to the website and the type of browser and computer operating system used. The Medical Center or its authorized representatives use the User’s IP address and/or web log information to collect and report aggregated information about how the Website is used and how the Website can be improved. Cookies are from the Google Analytics service. All information that the Google Analytics cookies (_ga, _gat, _gid) collect is sent anonymized, respecting your browser software’s privacy settings (“Do not track”). They are used only to help us improve the way our website operates, the content and the services provided.

Cookies we use on the gaplasticsurgery.eu Website

Cookie Name

Provider		Purpose	Duration
_ga	gaplasticsurgery.eu	Registers a unique ID used to generate statistics from Google Analytics on how the visitor uses the website	2 years
_gat	gaplasticsurgery.eu	Used by Google Analytics to determine request rate	1 minute
_gid	gaplasticsurgery.eu	Registers a unique ID used to generate statistics from Google Analytics about how the visitor uses the website	Session
_ga	www.gaplasticsurgery.eu	Registers a unique ID used to generate statistics from Google Analytics on how the visitor uses the website	2 years
_gid	www.gaplasticsurgery.eu	Registers a unique ID used to generate statistics from Google Analytics about how the visitor uses the website	Session
devicePixelRatio	www.gaplasticsurgery.eu	Records the pixel ratio of your screen. If your screen is retina or has a Hi DPI resolution, then the Website may choose to display higher resolution graphics for you.	4 days

LINKS TO AND FROM OTHER WEBSITES Our website may be contained in references to other websites or have hyperlinks to third-party websites or related applications. The Medical Center website does not control and bears no responsibility for the availability, content, privacy and data protection policies, quality and completeness of the services of other websites to which our website refers or which refer to our website through “links”, hyperlinks or advertising banners. The Medical Center website should not be considered to endorse or accept the content or services of these websites or their related applications. For any problem that may arise when visiting/using these websites, the user must contact the corresponding websites directly, which bear full responsibility for the provision of their services.

EFFECTIVITY-REVISIONS OF THE PERSONAL DATA PROTECTION POLICY

This Policy is valid from 25-05-2018. GA Plastic Surgery Medical Center reserves the right to modify and adapt this Policy, whenever it deems it necessary and in accordance with applicable legislation, while any changes will come into effect upon their posting on the website www.gaplasticsurgery.eu, from where you will be informed.