In this Privacy Notice, terms such as “company”, “we“, “us, “our” or similar expressions shall mean the “FIVI Fertility and IVF Center”, part of the “European Interbalkan Medical Center”, branch of “Athens Medical Center S.A.”, based in Greece, with its registered seat at 5-7 Distomou street, Maroussi – Attica, Tax Identification Number 094129169, Tax Office of Athens for the Taxation of Sociétés Anonymes.
If you are under 18 years old (a child), or you are reading this on behalf of a child for whom you have parental responsibility, please refer to 11. CHILDREN AND PRIVACY.
- LEGAL FRAMEWORK
We are a “controller” under the General Data Protection Regulation (GDPR) and L.4624/2019 (hereinafter “Applicable Legislation”). This means we are responsible for deciding how we use the personal data that we collect about you and, in accordance with the Applicable Legislation, we ensure that the personal data we hold about you is, at all times:
- used fairly, lawfully, and transparently;
- collected for limited, specific purposes only;
- adequate, relevant to and limited to what is necessary for those purposes;
- kept accurate and up-to-date;
- not kept for longer than is necessary; and
- held securely.
- PERSONAL DATA WE COLLECT ABOUT YOU
The term “personal data” means any information about an individual from which that person can be identified.
When visiting or interacting with our Website, we may collect the following personal data:
- Full name (name and surname)
- Email address
- Mobile phone number
- Technical Data: Certain data is automatically generated and collected by us when you use the Services such as your IP address, MAC address and other device identifiers; your clickstream when you use the Services (including date and time); pages you viewed or searched for; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); methods used to browse away from the page. For further information on this matter, please read our Cookies Policy.
- Any further information you provide us freely by using our online contact form.
Not all of the list above will necessarily apply to you – it depends on your use of the Services and your particular interaction and communications with us. Please refer to 4. HOW AND WHY WE USE YOUR PERSONAL DATA below.
- SPECIAL CATEGORIES OF PERSONAL DATA / SENSITIVE DATA
The term “special categories of personal data” or “sensitive data” means any sensitive information revealing racial or ethnic origin and related to health data, amongst other.
When visiting and interacting with our Website, we may collect and use information which may reveal further racial or ethnicity details about you.
- HOW WE COLLECT YOUR PERSONAL DATA
We collect your personal data when provided directly by you by interacting or corresponding with us (including via email or telephone).
We collect the Technical Data automatically as you interact with our Services by using cookies and other similar web technologies. Please refer to our Cookies Policy for more information.
- HOW AND WHY WE USE YOUR PERSONAL DATA
We shall only use your personal data where Applicable Legislation allows us to. In this context, we collect and use personal data on the following legal bases:
- it is necessary for us to be able to communicate with you upon request;
- it is necessary for our legitimate interests under the condition that your interests and fundamental rights do not override those interests;
- if we have your consent which you can withdraw at any time; or
- to comply with a legal obligation, e. rules laid down by law, courts, statute or regulation.
Accordingly, we lawfully use your personal data in the following purposeC:
Delivering the Services: We mainly use your freely provided personal data (sensitive or not) so that we can deliver the Services to you in an effective, efficient, accurate and secure way. Without it we would not be able to deliver a tailored service to you or respond to issues with these Services that are identified by us or you, or ensure you get the most out of your experience. Therefore, we use this data on the basis that it is necessary for us to be able to perform our agreement with you (i.e. the terms and conditions of the relevant Services) and for our legitimate interests of delivering the Services in this way.
Operating the Services: We also use your Technical Data in order to operate and administer the Services including as necessary for testing, analysis, maintenance, support, reporting and hosting of data. Therefore, we use this data on the basis that it is necessary for our legitimate interests of operating the Services in this way. We also use Technical Data together with certain Identity Data and Contact Data to assist in security and fraud prevention, system integrity (such as preventing hacking, cheats and spam) and/ or to facilitate our response to a legal process. Therefore, we use this data on the basis that it is necessary both for our legitimate interests in protecting the Services in this way and in order that we can comply with a legal obligation.
Newsletters and Communication: Upon your explicit consent, we may use your Contact/Communication Data to inform you of our news, offers and events which may be of interest to you. In this case, with all due respect to your rights, we shall always give you the “opt-out” option in order to withdraw your consent.
We will only use your personal data for the purposes for which we collected it as described above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
What if you do not want to share your personal data?
Unless otherwise specified above, generally we collect your personal data on a voluntary basis. However, please note that if you decline to provide certain mandatory personal data, you may not be able to access the Services and we may be unable to fully respond to any inquiries you make.
- DISCLOSURE OF YOUR PERSONAL DATA
We may disclose or share your personal data in the following circumstances:
Third Party Service Providers. We engage third party businesses to provide services to us or to you on our behalf, such as support for the internal operations of our Services (and related services), communications, data storage and delivering communications.
In providing their services, they may access, receive, maintain or otherwise use personal data on our behalf. Our service providers only use your personal data in accordance with our strict instructions to provide the relevant services and are not permitted to use your personal data for their own purposes, unless authorized by us to do so. Where this is the case you will be notified by us and provided with their privacy policies so you can understand how they will treat your personal data.
Legally Required. We may also disclose your personal data if we believe we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes.
Notwithstanding anything else in this Privacy Notice, we may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual and the individual cannot be re-identified.
- TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EU
Some countries outside of the European Union (EU) do not have laws that protect privacy rights and personal data as extensively as countries within the EU. We do not generally or routinely transfer personal data outside of the EU but some of the organisations to which we may disclose personal data may be situated outside of the EU. If we do transfer your personal data outside of the EU, we will ensure that your personal data is protected to a similar degree, in accordance with the Applicable Legislation. You can find further information about these safeguards at https://ec.europa.eu/info/law/law-topic/data-protection_en.
- SECURITY OF YOUR PERSONAL DATA
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (hereinafter jointly mentioned as “Data Breach”). In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only use your personal data on our instructions, and they are subject to a duty of confidentiality.
We have already put in place procedures to deal with any suspected Data Breach and will notify you and any applicable regulator where we are legally required to do so.
Where we have given you or you have chosen a password which enables you to access certain Services, you are responsible for using reasonable care in keeping this password confidential.
- LINKS TO OTHER SITES
The Services may contain links to other websites, applications and environments that are not owned or controlled by us (hereinafter “Other Sites”). The owners and operators of those Other Sites are responsible for their collection or use of your personal data and you should check their respective privacy policies. Unless specifically referred to otherwise, this Privacy Notice concerns the Services only and not the Other Sites.
- DATA RETENTION
We only keep your personal data for as long as necessary to fulfil the purposes we collected it for (see 4. WHY WE USE YOUR PERSONAL DATA), including for the purposes of satisfying any accounting, reporting or other legal requirements.
To determine the appropriate retention period, we review – in addition to the purposes of use and how we can achieve them – other relevant factors such as the nature and scope of the personal data, the potential risks to data subjects from a Data Breach, and the applicable legal requirements, for example the limitation period for which legal claims can be made in court.
- YOUR RIGHTS
Under Applicable Legislation, you have certain rights (depending on the circumstances) in connection with your personal data, which include:
– Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are using it lawfully, provided always that this does not adversely affect the rights and freedoms of other people;
– Request correction of the personal data that we hold about you. Where any of the information we hold about you is incorrect or incomplete we will act promptly to rectify this, including where you have requested us to do so;
– Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no appropriate reason for us continuing to use it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to our use (see below);
– Object to use of your personal data where we are relying on our legitimate interests (see above) and there is something about your particular situation which makes you want to object to our use on this ground;
– Withdraw your consent to our use of your personal data where we do so in reliance on your consent. Once we have received notification that you have withdrawn your consent, we will no longer use your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so by law;
– Request the restriction of use of your personal data. This enables you to ask us to suspend the use of personal data about you, for example if you want us to establish its accuracy or the reason for using it; and
– Request the transfer of the personal data you have provided, on the basis of consent or for a contract with us, to you or a third party where technically feasible.
We are committed to respecting your rights. You may action your rights (as may be applicable) by contacting us using the details provided below and we will reply to your requests within a one-month period from your request and its authentication, unless we have a lawful and sustainable reasons to expand this period for no longer than two additional months or even lawful reasons not to do so.
Requests should be made in writing and to ensure that personal data is dealt with carefully and confidentially we will require the requestor to provide verification of their identity and all applications must be accompanied by copies of one official document, which shows your name, date of birth and current address (e.g. passport, ID or driving license).
In responding to such requests, we will explain the impact of any objections, restrictions or deletions requested.
We will not charge you a fee to exercise your rights unless your request is clearly unfounded or excessive, in which case we may charge you a reasonable fee. Alternatively, we may refuse to comply with the request in such circumstances.
You also have the right to make a complaint at any time to the Hellenic Data Protection Authority (www.dpa.gr) or your country’s equivalent authority.
- CHILDREN AND PRIVACY
It is important to us that children can enjoy our Services in a responsible manner. We encourage parents and guardians to supervise their children’s online activities by, for example, adopting control tools available from online services and software suppliers that help provide a child-friendly online environment including by preventing children from disclosing their personal data online without parental permission.
We are committed to safeguarding children’s personal data collected online, and to helping parents and guardians and their children learn how to exercise control over personal data while exploring the Internet.
If you are under 18 years old (a child), we will require permission from your parent or person with parental responsibility in order for you to register to our Services. If you are a child, you will be asked to give the name and email address of the person with parental responsibility for you. A confirmation email will then be sent to them. We also reserve the right to take other reasonable steps to confirm parental responsibility.
All personal data in respect of non-authorised child accounts is deleted immediately where parental consent has been refused and if a child’s account is not verified within a month from the data provision date.
- Contact Us
If you have any questions about this Privacy Notice or how we handle your personal data, please contact us using the following contact details:
ATHENS MEDICAL CENTER S.A.
Data Protection Officer (DPO)
1 Filadelfeos & Kefalariou
14562, Kefalari Kifisia