PRIVACY PROTECTION POLICY OF THE NURSING HOME “OASIS O.E.” (Oasis General Partnership)
In this special section of the electronic profile of our company we provide detailed information on the Processing of Personal Data, given that, for our company the protection of the personal data of the patients and those responsible for them is of paramount importance. For this reason, we take appropriate measures to protect the personal data that we process and ensure that their processing is always carried out in accordance with the obligations provided for by the existing legal framework, both in the company itself, as well as from third parties who process personal data on behalf of the company.
The company OASIS O.E. based in 12 Kolokotroni Street, Agia Paraskevi, Attica, Greece (email: email@example.com, tel : +30 210 6016956, website: www.oasishome.gr ), informs that, for the purposes of exercising its activity, it processes personal data of the guests and the persons responsible for them, according to the current national legislation and the European Regulation 2016/679 on the protection of natural persons against the processing of personal data and on the free movement of such data (General Regulation on Data Protection, hereinafter “Regulation” ).
For any issue regarding the processing of personal data, contact Dimitrios Panagiotakopoulos directly at the e-mail address : firstname.lastname@example.org, phone +30 210 6016945.
3. Purpose of processing and how personal data is used
The personal data you provide to us such as name, email, mobile / landline, health data are processed only when we have a legal reason to do so.
Legal reasons for the processing of personal data are:
(a) the provision of the services you entrust to us and wish to receive from us
(b) compliance with an obligation imposed by law, such as compliance with the Code of Medical Ethics Law. 3418/2005
(c) conservation and protection of legitimate interests, both yours and our company
(d) the consent you provide under certain existing conditions, set by the current legal regime, in order to receive updates on our services from our company or third partner companies, which process personal data always in accordance with the law
(e) in relation to the processing of specific categories of data, the processing necessary for the purposes of medical diagnosis, health or social care or treatment. If the processing is done for other purposes, then your explicit written consent will be specifically requested
(f) exceptionally, use shall be made of the patient’s medical records, which may be necessary for the recognition, exercise or defence of his/her rights in matters relating to medical liability and the provision of health services in general, provided that this is authorised by the relevant Authority for the establishment and operation of records with sensitive personal data. In such cases the data subjects shall be informed before the use of their data before the court of such processing.
4. Where the data is transmitted
OASIS O.E. transfers personal data to third parties, to whom the company entrusts the processing of personal data on its behalf. In these cases, OASIS O.Ε. remains responsible for the processing of your personal data and defines the individual details of the processing, and signs a special contract with the third parties to whom it entrusts the execution of processing activities, in order to ensure that the processing is carried out in accordance with the applicable legal framework and that any natural person can freely and unhindered to exercise the rights conferred on him by the legal framework.
In addition, the data may be transmitted to cooperating third parties for the purpose of sending promotional material and information about products, services and offers, provided that consent has been provided by any natural person.
Please note that access to the patient’s medical records is exceptionally permitted :
(a) to judicial and prosecutorial authorities in the performance of their duties ex officio or at the request of a third party invoking a legitimate interest and in accordance with due process ;
(b) to other bodies of the Hellenic State, which according to their statutory provisions have such a right and competence.
5. Storage Period
The data storage period is decided based on the following specific criteria depending on the case :
(a) When processing under contract, your personal data is stored for as long as is necessary for the performance of the contract and for the establishment, exercise, and / or support of legal claims under the contract.
(b) When processing is required as required by the provisions of the applicable legal framework, your personal data will be stored for as long as the relevant provisions require. In particular, and in accordance with the Code of Medical Ethics Law. 3418/2005 article 14, the keeping of a medical record is provided for one decade from the last visit of the patient in the private clinics and other primary health care units of the private sector and for twenty years from the last visit of the patient in any other case.
(c) For the purposes of promoting products and services (marketing activities) and in any other case where the processing is based on your consent, your personal data is kept until the withdrawal of your consent. This can be done by you at any time. Withdrawal of consent shall not affect the lawfulness of the proceedings based on the consent given in the period prior to its withdrawal.
To withdraw your consent, please contact Mr. Dimitrios Panagiotakopoulos at the following contact details : Email: email@example.com, phone : +30 210 6016945.
6. Your rights regarding the processing of personal data
Each individual whose data is processed by OASIS. O.Ε. enjoy the following rights, as provided by the new European Regulation :
(a) Right of access :
You have the right to be informed and to verify the legality of the processing. That is, you have the right to access the data and receive additional information about their processing. Regarding the medical file, the patient has access to the medical records, as well as receiving copies of his file.
(b) Right of correction :
You have the right to study, correct, update or modify your personal data, by contacting the person in charge of our company at the above contact details.
(c) Right of deletion :
You have the right to request the deletion of your personal data that are subject to processing, except in cases where the obligation to process personal data is required by law, where this right is subject to certain restrictions or is not recognised.
(d) Right to restrict processing:
You have the right to request a restriction on the processing of your personal data in the following cases :
– when you dispute the accuracy of personal data and until it is verified,
– when you oppose the deletion of personal data and request instead of the deletion the restriction of their use,
– when the personal data do not serve the purposes of processing, although they may be necessary for the establishment, exercise, support of legal claims
– when you oppose the processing and until it is verified that there are legal reasons that concern us and prevail over the reasons why you oppose the processing.
(e) Right to object to processing:
You have the right to object, at any time, to the processing of your personal data even in cases where, as discussed above, it is necessary to serve the purposes of the legitimate interests we pursue as processors, as well as to the processing for purposes of direct marketing and personal profile training.
(f) Right to portability:
You have the right to receive your personal data free of charge in a comprehensible form that will allow you to access, use and process it using commonly used processing methods. Also, you have the right to ask us, if technically feasible, to transmit data directly to another controller. This right exists for the data you have provided to us and their processing is carried out by automated means based on your consent or in execution of a relevant contract.
To exercise any of these rights you can contact the Manager of our company Mr. Dimitrios Panagiotakopoulos at the postal address : Kolokotroni no. 12 – Agia Paraskevi Attica, email: firstname.lastname@example.org, phone : +30 210 6016945
7. Right of complaint to the APDPH
You have the right to file a complaint to the Personal Data Protection Authority (www.dpa.gr): Call Center : +302106475600, Fax: +30210 6475628, Email : email@example.com
8. Security of Personal Data
The OASIS O.Ε. implements appropriate technical and organisational measures aimed at the secure processing of personal data and the prevention of accidental loss or destruction and unauthorised and / or illegal access to them, their use, modification or disclosure. In any case, the way the internet works and the fact that it is free to anyone who has access to it do not guarantee that unauthorised third parties will never be able to violate the applicable technical and organisational measures by gaining access and proceeding possibly in the use of personal data for unauthorised and / or unlawful purposes.
9. Additional information in cases where personal data is collected by third parties and not directly by the natural person
It is possible our company to obtain health data from our affiliates or third parties ( eg., , Nursing homes, hospitals, diagnostic centers ), in case entrust us perform data processing on their behalf or at their behest.