P R I V A C Y P O L I C Y
‘’Rhodes Medical Care‘’ Clinic
– Data Protection
Krito ‘’Rhodes Medical Care‘’ Clinic (Krito ‘’RMC‘’ Clinic) is committed to protecting your privacy when you use our services. This privacy policy explains how we use information about you and how we protect your privacy.
This privacy policy is intended to comply with the European General Data Protection Regulation (GDPR), which is a part of the Greek Law.
Personal information can be anything that identifies and relates to and can identify a living person.
– What personal information about you does Krito ‘’RMC‘’ Clinic hold?
To provide you with a high standard of medical care and attention, we need to hold your personal information which includes details of your:
- Past and current medical condition;
- Personal details such as name, surname, date of birth, age, address, telephone number, email address, name of the hotel and number of the room and attending physician;
- Radiographs, clinical photographs and study models;
- Information about the treatment and services that we have provided or propose and the cost of such services and treatment;
- Notes of conversations and interactions between you and our staff of which a record needs to be kept;
- Records of consent to treatment; and
- Any correspondence relating to the above and to other health care professionals or organizations that relate to you.
We may also need to use some information about you to:
- to enable us to provide healthcare services for patients;
- manage those services we provide to you;
- help investigate any worries or complaints you have about your services;
- check the quality of services;
- data matching under the national fraud initiative;
- to help with research and planning of new services;
- supporting, training and managing our employees who deliver those services; and
- keep track of spending on services.
– Where the personal data originates from
The personal data held by Krito ‘’RMC‘’ Clinic may have been provided by:
- you;
- your parents, relatives or carers;
- GPs;
- other hospitals;
- ambulance personnel;
- local authorities;
- other private healthcare providers; and
- other third parties (including education providers and previous employers).
– How the law allows us to use your personal information
There are a number of legal reasons why we need to collect and use your personal information.
Generally, we collect and use personal information where:
- it is necessary to perform our statutory duties;
- it is necessary to protect someone in an emergency;
- it is required by law;
- it is necessary for employment purposes;
- it is necessary to deliver health or social care services;
- you have made your information publicly available;
- it is necessary for legal cases;
- it is to the benefit of society as a whole;
- it is necessary to protect public health;
- it is necessary for archiving, research or statistical purposes;
- you or your local representative, have given consent; and
- you have entered into a contract with us.
– Who the information may be shared with
Krito ‘’RMC‘’ Clinic may need to share the personal information we process with you and also with other individuals and organizations. Where this is necessary we are required to comply with all aspects of the GDPR.
Where necessary or required we share information with:
- patients;
- family, associates and representatives of the person whose personal data we are processing;
- staff;
- current, past or potential employers;
- healthcare, social and welfare organizations;
- suppliers to support systems, service providers, legal representatives;
- auditors and audit bodies;
- educators and examining bodies;
- survey and research organisations;
- professional advisers and consultants;
- police forces;
- security organisations; and
- central and local government.
– Why do we hold information about you?
We need to keep comprehensive and accurate personal data about patients to provide you with safe and appropriate medical care. We will ask you to regularly update your medical history and contact details.
– Disclosure of information
To provide proper and safe medical care we may need to disclose personal information about you to:
- Your general medical practitioner;
- Other hospitals, clinics or medical care services who have or will provide treatment to you;
- Other health professionals caring for you;
- Greek Social Security Authority;
- Any medical insurance or schemes of which you are a member; and
- Agents and Third parties as required by legal and law.
Disclosure will occur on a ‘’need-to-know‘’ basis. Only those individuals/organizations who need to know in order to provide care for you and for the proper administration by Government authorities and personnel (whose personnel are covered by strict confidentiality rules) will be given the information.
In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent. Where possible you will be informed of these requests for disclosure.
– Access to your records
You have the right of access to the data that we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be in writing to the Practice Manager.
– If you do not agree
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this Privacy Policy, please discuss the matter with us. You have the right to object; however, this may affect our ability to provide you with medical care.
You have a right to withdraw your consent at any time, however this will not be retrospective.
– How do your records help you?
Your records are used to guide and administer the care you receive. They help us to ensure that:
- We have accurate, up to date information about your health;
- You receive the best quality of care;
- Information is easily accessible by Krito ‘’RMC‘’ Clinic to assist us to make decisions about your healthcare needs; and
- Any concerns you may have about your health are properly investigated.
– Transfers
It may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the GDPR.
– Your rights
Under the GDPR you as a data subject have the following rights
- the right to be informed;
- the right of access;
- the right to accuracy and making changes (rectification);
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making.
– Ask for access to the information we hold on you
We would normally expect to share what we record about you with you whenever we assess your needs or provide you with services. However, you also have the right to ask for a copy of all the information, both paper and electronic, we have about you and the services you receive from us. We will aim to provide the requested information to you within 30 days, but if we are unable to do so then we will explain the problem to you. In most cases we will provide a copy of the information to you for free but there are some circumstances where we will need to charge.
However, at times we may not be able to share your whole record with you particularly if the record contains:
- Confidential information about other people; or
- Data, a professional thinks, will cause serious harm to your or someone else’s physical or mental wellbeing; or
- It might affect a police investigation.
– Ask to change information you think is inaccurate or incomplete
You should let us know if you disagree with something written on your file. We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
– Ask to delete information
In some circumstances you can ask for your personal information to be deleted, for example:
- Where your personal information is no longer needed for the reason why it was collected in the first place.
- Where you have removed your consent for us to use your information (where there is no other legal reason for us to use it).
- Where there is no legal reason for the use of your information.
- Where deleting the information is a legal requirement.
Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can’t delete your information where:
- we’re required to have it by law;
- it is used for freedom of expression;
- it is used for public health purposes;
- it is for, scientific or historical research, or statistical purposes where it would make information unusable; or
- it is necessary for legal claims.
– Ask to limit what we use your personal data for
You have the right to ask us to restrict what we use your personal information for where:
- you have identified inaccurate information, and have told us of it; and
- where we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether.
When information is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests of Greece.
Where restriction of use has been granted, we’ll inform you before we carry on using your personal information. Where possible we’ll seek to comply with your request, but we may need to hold or use information because we are required to by law.
– Ask to have your information moved to another provider (data portability)
You have the right to ask for your personal information to be given back to you or another service provider in a commonly used format. However, this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer and not a human being. It’s likely that data portability won’t apply to most of the services you receive from Krito ‘’RMC‘’ Clinic.
– Security
Krito ‘’RMC‘’ Clinic is committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure we have put in place suitable physical electronic and managerial procedures to safeguard and secure the information we collect.
– Retaining information
We will retain your medical records while you are a patient of Krito ‘’RMC‘’ Clinic and after you cease to be a patient, for at least eleven years, or for children until age 25, whichever is the longer.
– Cookies
A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things such as your preferences or remembers your details when filing out a form. They are controlled by your computer. If you visit the ‘’Tools‘’ section in your browser menu, you will find details of your cookies settings. You can set your browser to warn you before accepting cookies, or you can set it to automatically reject them.
Krito ‘’RMC‘’ Clinic does not make direct use of any cookies other than those required to maintain the security of your information.
– Google Analytics
The Krito ‘’RMC‘’ Clinic website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
– Links to other websites
The Krito ‘’RMC‘’ Clinic website contains links to other websites of interest. However, once you have used these links to leave the Krito ‘’RMC‘’ Clinic website, we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information, which you provide while visiting such websites, and such websites are not governed by this privacy statement.
– Future Changes
Krito ‘’RMC‘’ Clinic reserves the right to change this Privacy Policy at any time and notify you by posting an updated version of the statement on our website. Any updated Privacy Policy will apply between us whether or not we have given you specific notice of any change.