PERSONAL DATA PROTECTION POLICY

The medical company ZANTE MEDICAL CARE with VAT:800447021 of Zakynthos Tax Office and with General Commercial Registry No. 123081524000 based in Kalamaki, Zakynthos. For our company, the respect and protection of your personal data constitutes a commitment. We comprehend and take seriously into account, the fact that you are informed of and interested to your personal data.

The present Personal Data Protection Declaration describes the personal data that our company collects for you, the method we are using to protect your personal data and the options that you have, about the method with which we are using these data.

We acknowledge that the protection of your personal data constitutes a constant responsibility and consequently, we will update and modify at times the present Declaration. Please visit at times our website (https://www.zantemedcare.gr) to make sure that you are informed of any changes.

1. What kind of personal data do we collect about you?

The personal data that we process and retain for you, include:

• Health Details. We collect your personal data and your health data, concerning the medical services provided by our company, or health data for medical services not provided by us, but were mentioned to us, either by you or by third parties.
• Contact Details. We collect your name, surname, address and in general your contact details (including your e-mail and your telephone number (landline or mobile), your own or your relatives’).
• Invoicing Details. We collect your data which are necessary for the payment of our provided services, as for example your TIN, details of your bank cards, etc.
• State and other official identification numbers. We collect your Social Security Number, passport number, tax identification number, driving licence number or other identification number, issued by a competent state authority.

The companies of our Group commit that they will not process personal data of underage natural persons, without previously ensuring the consent of the person exercising the parental care of the child (parent or guardian).

2. How do we use (process) your personal data?

We use your personal data for the following purposes:

• For the provision of health services (realisation of medical actions and paraclinical examinations, and hospitalisation health care as well) and the handling of your medical file for the health services provided by our company: the total of personal data included in your medical file, including your medical history, the results of medical tests, medical reports, pharmacological treatment etc.
• For the quality improvement of our services.
• For our contact with you.
• For our conforming to the valid tax laws, health laws and our regulatory obligations.
• For our conforming to legal procedures and court decisions and to answer to requests of public and state authorities.
• For the imposition and defending of our legal rights and claims in order to protect our entrepreneurial activities, or of our business partners and in order to safeguard the rights, privacy, security or assets of our company or of our business partners, of your own legal claims or rights, or of other people, to pursue the available recovery measures and to limit our damages.

3. From where do we collect your personal data?

Your personal data are being collected from various sources, such as:

• From you, when our company provides medical services to you or to a person that you accompany, when they are unable to provide them themselves, when you fill out online forms or send e-mail, having as purpose to get informed or use the services of our company.
• Automatically via the browser or mobile device that you are using for your access to our website.
• From a third partner after having given your consent (i.e. your insurance company)
• From your telephone calls to us, sending of e-mail, and other contacts of yours with us.
• From pages of social media, other content of social media, our tools and applications.

4. Legal base of processing of your personal data

The processing of your simple personal data and/or your personal data of special categories, is realised for the provision of our services to you, which is based on:

• the contracting and execution of contract with your insurance company or upon your request (declaration of consent) for the provision of medical services.
• our legal obligation, as a company of provision of health services and for our conforming to the national and/or European legislation (tax purposes).
• the safeguarding of your vital interest.
• our lawful interest for the establishment, exercise or support of our legal claims (i.e. collection of our claims for the provision of our services).

5. Time of retention of your personal data

• When we provide health services to you, we retain your personal data for as long as the relevant legislation stipulates and specifically for the period provided by L.3418/2005, pursuant to which, we are obliged to retain your data for at least 10 years after your last visit.
• When you are about to conform to a legal or regulatory obligation, we retain your personal data, at least for the period required, pursuant to legislation, to conform to the said obligation.

6. Guarantees that we take for the protection of your personal data

When you give us your personal data, we take measures to ensure that they are kept safely. In order for your personal data to be protected, we take natural, technical and organisational protection measures. We update and control the security technology that we are using on a constant basis. We limit the access to the absolutely necessary personal data and only to those working for us, who are required to know these data of yours, to provide you benefits or our services. In addition, we train the personnel of our companies, as for the importance of confidentiality and retention of privacy and security of your personal data and we commit them with agreements of confidentiality and preservation of privacy of the information that they are aware of due to the provision of our services. Among others, we have implemented the following technical and organisational measures and procedures to protect your personal data from any loss, alteration, illegal processing or modification:

• Encryption, pseudonymisation of data.
• Detection and management of security violation cases.
• Use of servers located in rooms with limited access and subject to regular checks.
• Use of information systems and programmes for computers, that have been installed in a way that minimises the use of personal data and/or data of user identity verification.
• Adoption of individual procedures of personal data retention and safe deletion/destruction.
• Access to systems and databases on the principle “need-to-know”.
• Saving and retention of your personal data (of the simple ones and the special categoriessensitive as well) that are in written form, in a special saving space, protected and safe, to which there is no access of unauthorised people.

7. When and how do we transfer your personal data to others?

7.1 Your personal data are being collected and incur processing by the authorised per service employees of our companies, only for the purposes of provision of each service. They are transferred, only to authorised third parties (people who realise the processing) who commit to preservation of confidentiality and act according to our guidelines, when they are required to have access, within the provision of the said services (i.e. doctors for diagnosis purposes, external diagnostical laboratories for realisation or verification of specialised exams, Social Security Entities, insurance companies contracted with you, companies of insurance programmes management), competent auditory authorities of the Ministry of Health or the Ministry of Finance or when required by legislation (i.e. obligation of announcement of infectious diseases cases).

7.2 In each transfer, we always take every measure, so that the data that shall be transferred to always be the least possible and that the conditions shall be always fulfilled for legal, proper and transparent processing of them.

8. Your rights

You have the right to request access to your personal data, which we process. Furthermore, you have the following rights:

• Right of correction or deletion (under conditions) of your personal data.
• Right of limitation of processing or objection to the processing of your personal data.
• Right (under conditions) to receive your personal data, to use them anywhere else.
• In cases where we process your personal data based on your consent, you also have the right to revoke your consent anytime, without this affecting the legality of processing for the period before the revocation of your consent. Finally, you have the right to submit a protest to the competent Greek independent authority, which is the Personal Data Protection Authority (http://www.dpa.gr/).

9. Consequences of non-provision of your data

The provision of your personal data is necessary for the provision of our services to you, therefore in case of your refusing to provide them, we will not be able to provide you our services.

10. How to contact us

You can contact us for any question (tel.: +30-2695033111 & fax: +30-2695033051) or for the exercise of your rights concerning the processing of your personal data, by sending email at info@zantemedcare.gr or by sending a written form at the address: Kalamaki, P.C. 29100, Zakynthos, for the attention of Personal Data Protection Controller.

11. Information of edition – Changes and updates

We have the right to modify and update the present Declaration, anytime, for any reason, without notification to you, except for the upload of the updated Declaration on our website. We may send periodic emails to remind the changes and updates of the present Declaration, but you should check our website often, to get informed of the current and valid Personal Data Protection Declaration.