Confidentiality Statement

Biodiagnostics Medical Laboratories has taken the necessary measures in order to fully ensure your privacy and the security of your personal data, in accordance with current European and national legislation. This Privacy Statement (hereinafter the Statement) concerns all your personal data processed by Biodiagnostics Medical Laboratories during the process of providing health services. In particular, this Statement is recording and analyzing: the type of personal data processed by Biodiagnostics Medical Laboratories, the legal basis of the processing, the retention period of the data, the recipients of the personal data, as well as, the technical and organizational measures taken by Biodiagnostics Medical Laboratories for guaranteeing the security of privacy.

Data we process

Biodiagnostics Medical Laboratories obligatorily collects your personal data (demographic data, payment and insurance data, medical history) in order to provide you with the medical services you request. In this context, if you request, we may process data from previous examinations and diseases that you provide us for medical diagnosis purposes. Also, upon your expressed consent, we store contact information of your relatives for the sole purpose of being used only in case of emergency. In the event that you visit the Biodiagnostics Medical Laboratories following a referral from a Private Doctor, we inform the latter of the results of your examinations, only if this is deemed necessary for the purposes of a proper medical diagnosis.

Furthermore, we inform you that we process special categories of personal data within the scope of Article 9 of the General Data Protection Regulation (GDPR, EU Regulation 2016/679), the processing of which is necessary for the purposes of preventive or professional medicine, medical diagnosis, provision of health or social care or treatment or management of health and social systems and services based on the legislation of the Union law or the law of a Member State or based on a contract with a professional in the health sector and in compliance with the conditions and guarantees of article 9 par. 3 GDPR, i.e. by processing them by or under the responsibility of a professional who is subject to the obligation to observe professional confidentiality based on the law of the Union or a Member State and by observing the applicable legal rules as the case may be, and/or the processing of which is necessary for reasons of public interest in the public sector of health, such as protection against serious cross-border threats to health or ensuring high standards of quality and safety of health care and medicines or medical devices, based on Union law or the law of a Member State, always in compliance with the measures of article 22 par. 3 sec. b’ N 4624/2019 and in particular observing the provisions that ensure professional confidentiality. In the above cases, we take all appropriate and specific measures to safeguard the interests of the subject of personal data, after taking into account the state of technology, the cost of implementation and the nature, extent, context and purposes of processing and the relative risks to the rights and freedoms of natural persons. In particular, pseudonymization, anonymization, encryption or other appropriate technical organizational measures are applied to protect the legal interests of the subjects of personal data and any other necessary legal measure.

Furthermore, we process special categories of personal data within the meaning of Article 9 para. 1 GDPR for the purposes of scientific or historical research or the collection and maintenance of statistical data in derogation from the above provision without the consent of the subject, to the extent that the processing is necessary for the purposes of scientific or historical research or the collection and maintenance of statistical data and the interest of the data controller is superior to the interest of the subject that his personal data should not be processed, and always in compliance with all appropriate measures to protect the legitimate interests of the subject of the data and in particular in pseudonymization, anonymization, encryption or other appropriate technical organizational measures to protect the legal interests of the subjects of the personal data and any other necessary legal measure. Furthermore, personal data that we process in the context of the research may be published, as long as the data subjects have consented in writing or the publication is necessary for the presentation of the results of the research, in which case the publication is always done under pseudonymization.

Legal basis for the processing of your data

Biodiagnostics Medical Laboratories receives and stores your basic personal data (demographic data) for the planning of your visit to our premises, as well as all personal data deemed necessary for the provision of the medical services you desire. Therefore, the medical service agreement is the legal basis for the processing of your data.

Retention period of your data

Biodiagnostics Medical Laboratories keeps your personal data for a period of at least 10 years, as defined by national legislation. After the expiration of the above period of time, Biodiagnostics Medical Laboratories proceeds to the secure deletion of your personal data.

Exceptionally, Biodiagnostics Medical Laboratories retains your personal data for a period of more than 10 years, only if this is necessary to serve the legal interests of Biodiagnostics Medical Laboratories. 

 

Recipients of your personal data

Biodiagnostics Medical Laboratories may disclose your personal data to three different categories of recipients:

  1. To medical service providers – partners of Biodiagnostics Medical Laboratories:

Biodiagnostics Medical Laboratories maintains external collaborations with third parties (computer engineers, doctors, health care providers – reference laboratories), who process personal data in the name and on behalf of Biodiagnostics Medical Laboratories, under strong contractual commitments. The Third Parties under consideration, have been selected based on the effective implementation of a high level of security measures regarding the protection of personal data.

  1. To third party health care providers.

Biodiagnostics Medical Laboratories discloses your personal data to third party recipients (with whom it does not cooperate) only in the following cases:

o In case the disclosure is required within the framework of an insurance contract that you maintain with a specific insurance company

o For reasons of safeguarding your vital interests

o If required by a specific legislative provision.

  1. To third party providers at your request.

Biodiagnostics Medical Laboratories discloses your personal data to third party health care providers, only upon your own written request. For more information on how to transfer your personal data to third parties, you can consult our website or the Branch manager.

It is clarified that Biodiagnostics Medical Laboratories does not bear any responsibility for the management of your personal data by third parties.

Record your actions or deeds

We may record and keep your conversations with our medical Centers – including letters, emails, live chats, or any other form of communication. We use these records to evaluate, analyze and improve our services, to train our staff, to manage or prevent potential risks, and to detect fraud and other criminal acts. We may collect additional information about these communications, e.g. telephone numbers from which you call us and information about the devices or software you use, only if this is deemed necessary for the above purposes.

The Security of your data

The priority of Biodiagnostics Medical Laboratories is to keep your personal data safe. biodath@otenet.grhas taken and is implementing a series of measures to keep your personal data safe and protected. These case-by-case measures include role based access control (data based access control) as well as pseudonymization, encryption or other technical and organizational measures.

Your rights

We let you know that you have the right to:

  • Access to your data,
  • Correction of your data in case of inaccuracy,
  • Deleting your data in specific cases
  • Restrict the processing of your data
  • Opposing the processing of your data
  • Transferring your data to another healthcare provider
  • Report to the Personal Data Protection Authority in case of an unfortunate incident of violation of your data.

Our company will respond to your above requests within a month of receiving them, and exceptionally this deadline can be extended by another 2 months, if additional time is required.

In case you need clarifications or further information about your above rights, you can contact the Branch Manager or the Data Protection Officer of Biodiagnostics Medical Laboratories (contact details below).

Responsible contacts

We inform you that you can contact us for any issue regarding the security of your data within our company at the following phone 210 42 22 335 and email: biodath@otenet.gr .

If you have any questions or you require more information, you can contact the Data Protection Officer (e-mail: biodath@otenet.gror by phone at 210 42 22335). If you are not satisfied with the way your data is processed, you can file a complaint with the Personal Data Protection Authority. However, we will be happy to give you the opportunity to resolve any of your issues as soon as possible before filing a complaint with the Personal Data Protection Authority.

CEO and President of Biodiagnostics Medical Laboratories 

Nikolaos Oikonomidis