In our daily activities we process data regarding natural persons:
- Clients / Patients
- Visitors of our website
- Other interested parties (employees, suppliers)
Our Company complies with the General Data Protection Regulation (2016/679 EU GDPR) and any other European and national legislation concerning the protection of personal data, the code on the exercise of the medical profession, electronic communications etc. and is committed to ensuring the protection of your Data at all times:
- Data is collected for specific, explicit and legitimate purposes and is not further processed incompatibly with these purposes.
- We collect the personal data necessary for any processing purpose, and we process them legally, fairly and in a transparent manner with respect to the data subjects.
- We ensure, as far as possible, that they are accurate and up-to-date, and retain them only for the period necessary for the purposes for which they are processed.
- In any case, the criterion we use for the determination of the storage period is based on and duly takes into consideration the need to comply with any relevant legal requirement as well as the data minimization principle.
- We process the Data electronically and manually and take all suitable measures for the protection of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Collection, purpose, legal basis for the processing and time of keeping your data
- Data we collect automatically through our website
The website www.kyritsis-orthopedics.com uses the SSL (Secure Sockets Layer) protocol which uses methods of encrypting the data exchanged between two devices (most commonly Computers), establishing a secure connection between them through the Internet, which results in the protection of your personal data.
When you visit our website, our server collects the so-called server logs (log files), and specifically:
- Date and time of entry to the website.
- The volume of data sent in bytes.
- The browser and the operating system you used to access the website.
- Internet protocol address (IP address), when you enter the site. The IP address is personal data along with the date and time of your visit, although we cannot locate you with this data alone.
The legal basis on which we collect your IP address and keep it in special files (logs) is our legitimate interest in the processing of this data in order to ensure the safety of networks, information and services from accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data (e.g. DDoS "denial of service" attack control) as well as our legal obligation to provide a safer environment for the processing of your personal data (GDPR article 6 paragraph 1 f and c). Data will not be transferred or used in any other way. However, we reserve the right to check the server logs if specific indications of unauthorized use are detected.
- Patient/Client Data
When you visit us, we collect personal information about you, such as full name, surname, E-mail, postal address and contact details, gender, as well as any financial and medical data contained in the Order Bulletins of orthopedic items/constructions that we perform for you.
The purpose of your data processing is to provide the requested paramedic services to you and the legal basis of the processing is the execution of the contract between us (article 6 par. 1b and 9 par. 2g GDPR). Your data keeping time is twenty years, so that we can serve you in the long run (repetitive constructions, monitoring progress etc.).
- Data we collect via email and contact form
In the context of communication between us via email and contact form on our website, we collect your name, your email address and any other information you provide us. This data is stored and used exclusively to respond to your request. The legal basis for the processing of your personal data is your consent (GDPR, article 6 par. 1a). Your data will be deleted after the final processing of our communication. This will happen after we reach the purpose and scope of our communication, provided that there are no legal requirements for storing such data.
- Suppliers' data
For the execution of the contract between us, we collect the data that our suppliers themselves provide us, such as name, address, contact details, shipping details, financial data. The legal basis for the processing of your data is the execution of the contract and our compliance with legal obligations (GDPR article 6 par. 1b and c) and we retain it for up to twelve years since the last provision of services, or as long as required by tax and any other relevant legislation.
- Facebook page
Our Company has a Page on the Facebook social networking platform. You can contact us through our page in order to get more information about our services via the messaging option. In order to answer your relevant queries, we collect and process your username on Social Media as well as other information that is publicly available through your profile. Sending the message itself, in order to communicate with us, implies your consent to the above-mentioned processing of your data.
In case you choose to "connect" to our page by clicking "like", it implies that you consent to view the news and promotions (via newsfeed) that are performed by the Company through its social media page. If you do not wish to receive such updates, you can press the option "Unlike", "Unfollow" etc.
We take all security measures (technical and organizational) for the safety of data processing through Facebook and other social media networking such as limiting the number of people who have access to manage our social media account. Our company is not responsible for the way or means social networking platforms process your data. You can get informed about the processing of your data from the Facebook social networking platform via the link.
Who has access to your data. Data transfers.
Your data is accessible to our employees and any other person authorized to process your data in the course of his/her duties. Moreover, we cooperate with third parties, natural or legal, professionals, independent consultants etc. who provide us commercial, professional or technical services (e.g. website hosting, accounting services) for the above-mentioned purposes, and support our Company fully or partially, in relation to our activities. These natural/legal persons will act, where appropriate, as Joint or Independent controllers, Processors or persons authorized to process personal data for the same purposes stated above, with the same security measures and in accordance with the applicable legal obligations.
Before the third party receives the Personal Data, we should: (1) complete a privacy check in order to evaluate the privacy practices and the risks associated with these third parties and (2) obtain assurances from these third parties, by contract, that they will process Personal Data in accordance with our instructions and in accordance with current Policy and applicable law, that they will immediately notify our Clinic of any Personal Data Protection or Security incidents or failure to comply with the standards set out in current Policy and existing legislation, that they will cooperate to rectify any such incident, that they will help us respond to the rights of the individuals defined below and that they will allow the Controller to monitor their processing as regards compliance with these requirements.
Finally, the data can be further transmitted to public authorities and institutions, as well as to our legal supporters (legal and insurance companies), for legitimate purposes.
Apart from the aforementioned, the Data will not be disclosed to third parties, private individuals or legal entities and will not be disseminated.
Our Company does not transfer Personal Data outside the EU, and if necessary (for example in order to use Cloud services) it will do so in accordance with the terms and conditions set out in Articles 44 et seq. of GDPR, that is to say with your consent, the application of standard contractual clauses approved by the European Commission or in countries that are considered safe by the European Commission.
When we need to process minors' data (e.g., minor patient data), i.e. according to GDPR, those who have not completed their 15th year, the processing is done only with the written and explicitly expressed consent of the persons having parental responsibility of the minor. In any case, we make reasonable efforts to verify that consent is provided or approved by the person who indeed has parental responsibility for the child, namely by authentication and control of every other detail available.
Cookies and relevant technologies
Cookies are small text files that are stored on the computer's hard disk or another electronic device which gives the user access to the website. Cookies are unique to each web browser (e.g. Google Chrome, Mozilla Firefox, Internet Explorer, Opera etc.) and contain anonymised information which relates to the websites you visit and the devices you use.
Types of cookies we use:
a) Functionality cookies (required)
These cookies are responsible for the essential functions of our website and application. They are required in order to allow the user to browse our website and access its various sections. The provision of the basic services of the website is not possible without these cookies.
b) Statistical analysis and performance cookies
These cookies collect information about the way you use our site, such as the website from which your visit originated, the pages you visit most frequently, the browser you used, etc. We use them with a view to analyzing traffic and improving the performance of our website. They collect aggregated, anonymous statistical information that cannot lead to the identification of the visitor.
Information about the Google Analytics service
You are able to completely block your data collection through Google Analytics by installing this add-on in your browser: https://tools.google.com/dlpage/gaoptout
c) Third-party cookies.
We also use a variety of external services such as Google Webfonts, Google Maps and external video providers. Since these providers can collect personal data such as your IP address, you can block them. Note that this can significantly reduce the functionality and appearance of our website. Changes will take effect once you reload the page.
You may decide separately or in whole for the acceptance of cookies during your visit to our website. You can also set your browser in such a way that you are informed about cookies settings and decide on their acceptance or exclusion. Each browser differs depending on how it manages cookies settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. Follow the links below depending on the browser you use:
Please keep in mind that you must adjust settings separately on each browser and on each device you use. We also inform you that any restrictions on cookies will prevent you from making full use of some of our services and will not allow us to improve and personalize your navigation on our website.
Here you can see which cookies we use.
Joomla CMS Cookies
Social Media: twitter.com facebook.com google.com
Rights of Data Subjects
You can contact us by phone, mail or email at the addresses listed in paragraph (1) above, so that you can exercise your rights in accordance with Articles 15 et seq. of GDPR, namely the rights to information, access, correction, deletion (where relevant), limit the processing or object to the processing. For example, you can request an updated list of the individuals who have access to your data, receive confirmation of whether or not we will process personal data related to you, check their content, source, accuracy, and location (also with regard to any third country), request a copy, request their correction, and limit their processing, even their deletion, if applicable. Likewise, you can always report comments and submit complaints to the Greek Data Protection Authority, Kifissias Ave. 1-3, GR 115 23, Athens, Call Center: + 30-210 6475600 or at http://www.dpa.gr/