Σφακίων 32, Τ.Κ. 73134, Χανιά Κρήτης | Τηλ./Φαξ: 28210-56295 | email: [email protected] , [email protected]
Κυριακή, 28 Νοέμβριος 2021

Privacy Policy in accordance with Regulation EU/2016/679 («GDPR») and Greek National Law 4624/2019

Preamble 

At the Medical Association of Chania, hereinafter referred to as «ISH», we are committed to protecting and respecting your privacy. Adherence to the Privacy Policy («Policy») of Personal Data («PD») determines the basis on which PDs are collected for you. The Policy has been developed based on the Impact Assessment for the protection of PD (DPIA – Data Protection Impact Assessment), which is provided by the GDPR and Law 4624/2019. The PD’s are either provided to us by you with your free consent directly or are provided to us through third parties who have already secured your free consent and are processed always in accordance with the GDPR and the corresponding legal basis (Law 4512/2018, Government Gazette AD – no. 225/1957 – B / D for the establishment of Medical Associations). Please read the following carefully to understand the use of PD.

 

Information and PD that we collect for you

We collect information and IFRS from you which you provide with your free consent either directly or through third party services with which you interact and have already asked for your free consent.

We may process data, including the following during the provision of hosting and use of our facilities by you, which could contain IFRS or be considered IFRS:

  • Name, residence and / or work address, e-mail address, telephone numbers (landline or mobile), ID or passport number, nationality, date of birth, university degree, specialty and postgraduate degrees, specializations with the corresponding grade. Note here that all the above information is required by Greek law for your participation in the association and the obligations / rights arising from your capacity as doctors.              
  • Financial information about you, including your bank account details, your credit or debit card details or other payment details, in order to repay your mandatory membership fee to the Association.          
  • Information about your professional history, your participation in other medical associations, your work in multi-clinics or clinics.              
  • And finally that other information that you ask us to process on your behalf or which are necessary in order for our association to fulfill its obligations towards you and the Greek state.

 

We also inform you that: 

  • When you visit our ISP website, your device browser provides information such as your current IP address, browser type, access time, and pages of our website that you visit are collected and used to compile statistics. data. This information can be used to help us improve our website, the services we offer and to design new services for you.
  • We may use cookies and similar technologies to assist in the provision of data on our website and to offer you a more personalized user experience tailored to your needs and requirements. In this case you have the option to not accept the suggested cookies.

 

Purposes of processing 

We process PD for the following purposes:

  • Legal obligation and license to practice the profession of the members.
  • Inspection of clinics, laboratories and multi-clinics if the relevant specifications are observed when they open and every five years.
  • Preservation of the medical profession and order.
  • Safeguarding the rights of patients and members when relevant complaints are made by transmitting the file to the National Organization for Health Care Services (EOPYY) or to another legal entity after the patient’s permission.
  • Retirement time information and corresponding certificate.

 

Legal basis of the processing 

The legal bases of the processing are, as the case may be: 

  • Royal Decree Government Gazette 309-t.A 29-10-1923 On the establishment of Medical Associations
  • Royal Degree Government Gazette τ. Α 225/1957 Β.Δ For the establishment of Medical Associations
  • Law 3418/2005 Code of Medical Ethics
  • Law. 3599/2007 Article 31
  • Law 4512/2018 Chapter B. About Medical Associations (no.291)
  • Your consent

 

PD Security

The IFC is committed to making every effort to protect your IFRS. For this reason, we use a variety of security technologies and procedures to protect IFRS from unauthorized access and use. But keep in mind that no physical or electronic security system is completely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that the information you provide to us via the Internet will not be intercepted. However, we are committed to continuing to review and improve security policies and to implement additional technical and organizational security measures as new technologies become available.

The transmission of information via the Internet is not completely secure and may involve the transmission of data to countries outside the European Union. This is due to the use of cloud solutions for web hosting, email hosting or proprietary software solutions delivered to us via cloud. However, in any case we do not allow third parties to use your IFRS for their own purposes. While we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us. Therefore, any transfer of IFRS is at your own risk. When receiving IFRS, we use appropriate security measures to avoid unauthorized access.

 

Retention Period of PD:

The period that the IFRSs are kept in the PC is determined by the provisions of the Greek legislation for the protection of the interests of the members and for reasons of state interest in the exercise of the medical profession and the protection of health.

Personal data that are necessary for the conclusion or execution of the contract between us are kept throughout the duration of the contract and 5 years after its expiration. In case of claims, these data are kept until an irrevocable decision is issued.

 

Transmission of PD: 

We ensure that your personal data is processed lawfully, which is restricted within the IPS, while ensuring their confidentiality and we are committed to non-transmission of IFRS to third parties other than those required by law, or you have already given your consent. However, they may be passed on to our associates, who act as processors on our behalf, to the extent that the aforementioned processing purposes are served and subject to the confidentiality of their protection under our contractual commitments, the service of the law our interests and with the right to control them.  

 

Your rights and how you can claim them:

  • To know what personal data we hold and process, their origin, the purposes of processing them, as well as the time of keeping them (“right of access”). 
  • Request the correction and / or completion of your personal data so that it is complete and accurate (“right of correction”). You must provide any necessary documents from which the need for correction or completion arises.
  • Request a restriction on the processing of your data (“right to limit the processing”).
  • Refuse and / or object to any further processing of your personal data that we hold (“right to object”).
  • Request that we transfer your personal data that we hold to any other processor of your choice (“right to data portability”).
  • To file a complaint to the Personal Data Protection Authority (www.dpa.gr), if you consider that your rights are violated in any way (“right to complain to the Authority”).
  • Request the deletion of your personal data from the files we keep (“right to be forgotten”).

 

In connection with the claim of your above rights, the following are noted: 

  • The association has in any case the right to refuse the satisfaction of your requests for restriction of the processing or deletion of your personal data or your opposition to the processing, if the processing or keeping of the data is necessary for the establishment, exercise or support of legal his rights or the fulfillment of his obligations towards the Greek or European state.
  • The claim of the right to portability does not imply the deletion of your data from our files, which is under the terms of the immediately preceding paragraph and the conditions of the Regulation.
  • The claim of the above rights is valid for the future and does not involve data processing already performed.

 

For the claim of your above rights in accordance with European and Greek legislation and the restrictions defined in them, you can contact in writing at the address of the association (Medical Association of Chania, 32 Sfakion Street, Chania, PC 73 134), or electronically at e -mail: [email protected] 

 

WiFi service 

For WiFi service within the Association, please see the relevant policy (WiFi disclaimer) 

 

Data Controller

Controller is the / the President of the Association under the name «Medical Association of Chania», with him / her that you can contact for issues at GKPD-mail e: [email protected] 

 

Policy changes 

We reserve the right to change this policy by applying newer provisions of European and Greek legislation and at our discretion. If we make any changes, we will post the changes here so that you can access them immediately.