Our group of companies take into serious consideration the protection of privacy of its patients, clients and visitors. That is why we strictly follow this Personal Data Protection Policy, which ensures the high level of services we offer in line with the legislative framework in force.
The personal data protection legislative framework in this Policy refers to the General Data Protection Regulation (GDPR) (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, and any law or regulation issued subsequently, as well as any applicable national law in force on personal data protection in general, especially in the healthcare sector.
Your personal data is collected and stored for the absolutely necessary time, and for specified, lawful and transparent purposes in compliance with the legal framework securing confidentiality and protecting your data, which are in relation to the following scope:
This Policy specifies the terms and conditions followed by our Group for the general protection of the privacy of the patients, carers, visitors and other parties close to them, whose personal data may be processed with the aim of providing healthcare haemodialysis services . We aim to inform you on how we collect, store and process your information, such as personal data provided by you or your insurer when you choose to receive healthcare services from our Group, or health information arising from the provision of our services and your medical file. The scope is as it follows:
- The advancement of the dialysis treatment
- The prescription of the medication by the supervised doctor
- The medical diagnosis and the constant medical assistant
- The transportation of the patients by the ambulances or the companies cars
- The legitime paperwork for the patients` benefits by the National Organization for the Provision of Healthcare Services
- The Protection of the patients` vital interests
- The general assistance by the personnel of the clinic
- The notification to the he National Organization for the Provision of Healthcare Services or to any Private Organization for the patient`s monthly insurance and fully covering of their treatment care in compliance with the legal framework.
- The personal data might be transferred to private and/or public insurance companies, and/or associates/processors, and/or competent judicial, police or tax authorities within and outside the EU, in compliance with the legislative framework in force.
- Therefore the data acquired for the aforementioned purposes , might be transferred to private or public insurance bodies such as the National Organisation for the Provision of Healthcare Services, based on ours and also your legal relationship with them (e.g. the prescription of your medication to the National Organisation for the Provision of Healthcare.
- Both Nephrolife and Filoxenia store and possess special category data, i.e. medical history, medical tests and medical procedures, submitted by you or another natural or legal person on your behalf, and the medical data arising from the provision of medical services – healthcare services by our Clinics for the purpose of providing haemodialysis treatment – and healthcare services based on preventive or professional medicine, medical diagnosis, the protection of your vital interests.
Please note that we store and possess the personal data which are vital for the medical services provision and only when we receive your approval on that.
Please note that you should authorise a relative or caring person if you wish to let them know about your medical file and medical progress or act on behalf of you.
Your rights regarding personal data protection
The legislation on protection of your personal data gives you the following rights, which you may exercise free of charge in principle and based on the provisions of the legislative framework:
- Right of access, in order to obtain information about the purposes and the legal foundation for the collection and processing of your data as well as the period for which it will be stored.
- Right to rectify any inaccurate personal data or supplement any incomplete personal data, by submitting a relevant form with your accurate personal data to the Clinics.
- Right to erase your personal data in the following cases: (i) your personal data is no longer necessary in relation to the purposes for which it was collected (ii) when you withdraw the consent on which the processing of your personal date is based and there is no other legal ground for the processing; (iii) when your personal data was processed without the necessary legitimate grounds; (iv) when your personal data has to be erased for compliance with a legal obligation
- Right to object to the processing of your personal data, unless there are compelling legitimate grounds for the processing.
- Right to withdraw the consent you had provided (with no retroactive effect) at any time for an issue relating to the protection of simple personal and health data
These rights may be restricted due to the another law, as for example in the case you request erasure of data, but we are under the obligation to keep it according to the law.
For any of the above or to resolve any issues as to the personal data protection legislation in force, you may contact our Group on email@example.com and we will respond to your request as soon as possible.