The company registered under the name ” NOTIA MEDCARE PRIVATE POLYCLINIC, DENTAL CLINIC, MEDICAL SINGLE-MEMBER SOCIETE ANONYME” and the distinctive title “NOTIA MEDCARE HEALTH & LONGEVITY”, with Tax Registration Number (A.F.M.) 802440979, based in Glyfada, Attica, Southern Sector of Athens, 127 Vouliagmenis Avenue, P.C. 16674, contact phone: +30 214 4444 200, e-mail: longevity@notiamedcare.eu, operates as ” Data Controller.

If you wish to contact us regarding any matter related to the processing of your Data and the exercise of your rights, you may address the Data Protection Officer (DPO) of the Companies at the following email address: dpo@notiamedcare.eu.

1. A few words about the website Notiamedcare.eu

The website NotiaMedcare.gr is the online presence of the company NOTIA MEDCARE HEALTH & LONGEVITY (hereinafter the “Provider” or “we”).

The personal data you provide to us while browsing our website or by completing the contact form on our website, are subject to processing and will be stored in a file under the responsibility of the Provider.

2. What is Personal Data?

The term “personal data”, as used in this Policy, refers to information concerning natural persons, whether private individuals or professionals, such as name, surname, postal address, email address, contact telephone number, etc., which can be used to identify a website visitor (hereinafter “Personal Data or Data”).

3. What is Personal Data Processing?

Processing of Personal Data means any operation or set of operations which is performed on personal data or on sets of personal data, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of Personal Data of natural persons.

4. Which Data do we collect?

A) During your visit and browsing on our website

We collect your Personal Data that you choose to provide to us during your browsing (e.g., by completing and sending messages and your data via our website’s contact form).

We may also process technical connection/usage data (e.g., IP address, device/browser identifiers, date/time of access, security logs) for network and information security purposes.

Furthermore, any Data collected by technically necessary cookies, which are strictly essential for the operation of our website and are always enabled without the possibility of deactivation, as well as data from cookies that you have permitted to be used through your consent (“non-essential cookies”), may be subject to processing. Detailed information on cookies can be found in the Cookies Policy, Access to the Website is not conditional upon accepting non-essential cookies; the cookie banner provides equivalent options to accept and to reject/manage non-essential cookies, and consent can be withdrawn as easily as it is given.

B) Upon sending a message via the contact form

We may collect various information, such as your name, postal address, telephone number, email address, and your message. The processing of this data is carried out by the Provider operating as data controller, exclusively for the purpose of responding to the message and providing the requested information or service. Please do not include health data or other special categories of data unless it is strictly necessary for the handling of your request.

C) If you have consented to us sending you informational material (newsletter)

We collect and record your email address, your name/surname or company name, and your telephone number in the newsletter list you selected upon registration. Depending on your choice, your details are registered only in the corresponding newsletter. Additionally, we process data related to your interaction with our informational messages (e.g., whether the message was read). Where applicable, we implement a double opt-in process and maintain consent records (consent logs) to demonstrate the lawfulness of newsletter communications.

D) Upon registration to our patient portal / or logging into your account

Registration to the Patient Portal

Upon registration to the Patient portal, you are asked to provide basic information for the creation of your account, such as name, surname, email address, telephone number, date of birth, selected language of communication, as well as the creation of a username and password.

Logging into an existing account

When logging into an existing account on the Patient Portal, you are asked for the username and password you created during registration.

Furthermore, data related to the provision and management of the services you use are subject to processing. Specifically, these include:

1. Basic natural person details: Name, surname, address, telephone number, email.
2. Online identifiers: Username and password for your account.
3. Unique identifiers: Patient code, AMKA (Social Security Number) or other system identifiers.
4. Appointment data: Date, time, participants in the session.
5. Health Data: History from services received from the Provider, completion questionnaires sent for scheduled services, information related to scheduled service appointments.

Telemedicine Sessions

During the telemedicine session, the above data, plus image data, are subject to processing: Live video of the telemedicine session (without recording).

Should recording of the session be required, you will be informed prior to the recording and asked for your explicit consent for the processing of this data. This consent is for the purpose of the specific telemedicine session recording, in accordance with the General Data Protection Regulation (GDPR), and relates exclusively to the use of the data.

When you connect to the Patient Portal, the Provider has access to the portal. Access and viewing of your data are determined by the services you have received from the Provider.

If telemedicine recording is ever enabled, we will request your explicit consent for that specific recording and apply appropriate safeguards, including defined retention and restricted access.

E) Via the CV submission form

We collect data such as your name, surname, home address, and contact details, such as email address and telephone number, as well as data and information regarding your qualifications, skills, professional experience, and employment history, as derived from your Curriculum Vitae (CV) submitted via the CV form.

If you include special categories of data (e.g., health data) in your CV, such data will be assessed only if strictly necessary and to the extent permitted by applicable law.

5. Do we process Minors’ Data?

In general, we do not process Data of minors, as our website services are not addressed to them. If we discover that we have collected Data of a minor without a legal basis for doing so, we will proceed with the immediate erasure of the Data. If the Website/portal is used for services involving minors (e.g., appointments), communications and account handling will take place through the parent/guardian or lawful representative, in accordance with applicable law and the requirements applicable to health data. Otherwise, the provisions set out in Chapters 6 and 7 of this information document also apply to minors.

6. For what purpose do we process your Data?

We process your Data exclusively for the purposes of the services provided by us, as well as for the overall smooth operation of our website, and specifically for:

a) Providing you with the online services supported by our website and the portal, such as registration, access to your history, appointment scheduling, payment for services, preparation for medical procedures, and the provision of telemedicine services to you.

b) Communicating with you using the details you provide via the contact form.

c) Compliance with obligations imposed by the applicable legislation.

d) Ensuring information security and the proper functioning of the website.

e) Sending you newsletters regarding products and services.

f) Promoting our services.

g) Monitoring website and patient portal traffic for statistical purposes and service improvement, and installing cookies that enhance our online visibility, such as cookies that understand how visitors use a website, cookies for displaying advertisements more relevant to your interests, and cookies set by a range of social media services that may have been added to the website.

h) Evaluating your candidacy, professional qualifications, suitability for the position to be filled, and your participation in the personnel selection process.

i) Promoting the Provider on social media and online search engines.

j) Handling and documenting data subject rights requests and liaising with the Hellenic Data Protection Authority.

k) Compliance documentation (accountability), including record-keeping and personal data breach management.

7. What is the legal basis for the processing of your Data by us?

The processing of website users’ data is based on the following legal grounds.

Specifically:

A) For the provision of online services supported by our website and the patient portal, such as registration, access to your history, appointment scheduling, payment for services, preparation for medical procedures, and the provision of telemedicine services to you, the processing is necessary for the performance of a contract to which you are party with the respective Company upon receiving the service [Article 6(1)(b) GDPR], and for special categories of data, the processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services [Article 9(2)(h) GDPR].

B) For communicating with you regarding matters for which you used the contact form (purpose “b”), promoting our services (purpose “f”), promoting the Companies on social media and online search engines (purpose “i”), and ensuring information security and the proper functioning of the website (purpose “d”), including technically necessary cookies, the legal basis for processing is the legitimate interests pursued by our Companies [Article 6(1)(f) GDPR].

In particular, processing for purposes “f” and “i” aims to increase the reach of our website and services through our website and social media accounts; processing for purpose “b” aims to maintain effective communication channels with our clients and partners and increase their satisfaction level; and processing for purpose “d” aims to ensure the proper functioning of the website through the use of technically necessary cookies and the protection of data and intellectual property of both our Companies and website visitors.

C) If you provide health-related information via the contact form, this data (special category data will be processed solely to handle your specific request. The appropriate Article 9 GDPR condition will be determined case-by-case (e.g., Article 9(2)(h) where the processing is necessary for the provision of health care by professionals subject to confidentiality, and/or Article 9(2)(a) explicit consent where required).

D) For the processing of your Data for the purpose of sending newsletters (purpose “e”) and monitoring website traffic and the use of non-essential cookies (purpose “g”), the lawfulness of the processing is based on your consent, which you provide to us electronically via the newsletter subscription forms on our website and the relevant cookie banner, respectively. For more information on the Cookies Policy.

E) The processing of your personal data for the evaluation of your candidacy, professional qualifications, and your participation in the personnel selection process (purpose “h”) is necessary in order to take steps at the request of the data subject prior to entering into a contract [Article 6(1)(b) GDPR], specifically for the reasonable and lawful conduct of personnel selection procedures, while ensuring the protection of your data.

F) The processing of your personal data for compliance with obligations imposed by the applicable legislation is based on the Provider’s compliance with a legal obligation under national and European law [Article 6(1)(c) GDPR].

8. Who are the recipients of your Data?

The recipients of your data are, as a rule, the necessary personnel of the Companies in each case, who have received the appropriate information regarding the secure processing of your personal data.

In addition, recipients of your Data include:

1. Natural and legal persons to whom the Companies assign the performance of specific tasks on their behalf, such as website support and server hosting providers, IT system support partners (e.g., accounting software, service history programs), collaborating archiving and cloud support companies, email service providers and teleconferencing service providers, accounting service partners, etc. These collaborating persons, who act as processors of Personal Data, have been informed and committed in advance to maintaining the confidentiality of your Data, know and follow our instructions regarding the processing of Personal Data, and take all appropriate measures for their protection. Where third parties act as processors, they are bound by a written data processing agreement pursuant to Article 28 GDPR, including confidentiality, security measures, assistance with data subject rights, and rules on sub-processors.
2. Supervisory, auditing, independent, judicial, public, and/or other authorities and bodies within the scope of their statutory competencies, duties, and powers (such as the Independent Authority for Public Revenue (AADE), etc.) when disclosure to them is required by law or provided for therein.
3. Lawyers, law firms, judicial officers, experts, and technical experts in any case of legal action for the purpose of safeguarding our rights and interests.
4. Social media providers, where they act as joint controllers with the Companies for the purpose of displaying relevant advertisements on social media using social media audience targeting tools and capabilities.

9. Do we send your Data outside the European Union/European Economic Area?

We do not send your Data outside Greece. Your Personal Data is stored and processed only within Greece.

As a rule, we seek to ensure that storage and processing take place within the EU/EEA. Where the use of certain providers may involve transfers outside the EU/EEA (e.g., specific analytics, advertising tools, or newsletter platforms), such transfers will take place only subject to appropriate safeguards (e.g., Standard Contractual Clauses) and, where required, supplementary measures.

The Provider may transfer your data to third countries outside the EEA if:

a) An adequate level of protection is ensured according to the European Commission by the third country, a territory, or one or more specified sectors within that third country; or
b) Appropriate safeguards for their processing have been provided by the recipient, based on law.

If none of the above conditions apply, a transfer may occur if:

a) You have provided us with your explicit consent for this purpose; or
b) The transfer is necessary for the performance of your contract with us; or
c) The transfer is necessary for the establishment, exercise, or defence of legal claims or the defence of our rights; or
d) There is a relevant obligation of the Provider arising from a legal provision or an international agreement.

10. When do we erase your Data?

The account you create in the portal is maintained for an amount of years from your last visit, and due to inactive use of the account, and after we notify you in advance of its deactivation.

For the history of services related to medical procedures through the portal, the data is included in your medical record and follows the retention periods stipulated by the Code of Medical Ethics, i.e., ten (10) years for primary health care services and twenty (20) years for secondary health care services, or for a longer period if required by law or for the support of legal claims.

The personal data you provide us through the contact form is retained for as long as necessary to fulfill your request. In any case, the data are erased within one (1) year from the date of submission.

We erase the Data subject to consent for sending the newsletter as soon as you declare that you no longer wish to receive newsletters by selecting the link (Click here to unsubscribe from the “newsletter mailing list”) or by selecting “unsubscribe” in the option displayed in the newsletter messages you receive, or within 1 year from the last newsletter sent.

Any Personal Data maintained in our server’s security logs for information security purposes (e.g., IP) are erased within an amount of months.

We erase the Data collected by Cookies in accordance with the Cookies Policy.

11. Is your Data secure?

We are committed to safeguarding your Personal Data. We have implemented appropriate organisational and technical measures for the security and protection of your Data against any form of accidental or unlawful processing.

These measures are reviewed and amended when deemed necessary. We apply access controls, strong authentication (including 2FA where appropriate), encryption in transit (TLS/HTTPS) and, where appropriate, encryption at rest, audit logging, incident response procedures, and staff training. In the event of a personal data breach, we follow an assessment procedure and, where required, notify the Hen Authority and inform affected data subjects pursuant to Articles 33–34 GDPR.

12. What are your rights?

You have the right of access to your Personal Data

This means you have the right to be informed by us whether we are processing your Data. If we are processing your Data, you can request to be informed about the purpose of the processing, the type of your Data we hold, to whom we disclose it, how long we store it, whether automated decision-making occurs, as well as your other rights, such as rectification, erasure, restriction of processing, and lodging a complaint with the Hellenic Data Protection Authority.

You have the right to rectification of inaccurate Personal Data

If you find an error in your Data, you can submit a request to us to correct it (e.g., correction of name or updating a change in telephone number).

You have the right to erasure / right to be forgotten

You can ask us to erase your Data if it is no longer necessary for the aforementioned processing purposes or if you wish to withdraw your consent in cases where it is used as the legal basis for processing.

You have the right to data portability

You can ask us to receive the Data you have provided in a readable format or ask us to transmit it to another controller, when the processing is based on your consent or is necessary for the performance of a contract between us.

You have the right to restriction of processing

You can ask us to restrict the processing of your Data for the time period during which your objections regarding the processing are pending, or if part of the processing is no longer required for the fulfillment of the purposes for which your data was collected.

You have the right to object to the processing of your Data

You can object to the processing of your Data when it is carried out in pursuit of our legitimate interests, and we will cease processing your Data unless there are other compelling and legitimate grounds that override your right.

Right to withdraw your consent

In cases where the processing of your Data for a specific purpose is based on your prior consent to the processing, you have the right to withdraw your consent, with the result that the processing will not continue in the future.

You also have the right to be informed about recipients/categories of recipients and, where applicable, about transfers outside the EU/EEA and the safeguards relied upon.

13. How can you exercise your rights?

To exercise your rights, you can send us a relevant Request either to the postal address of the Provider ( NOTIA MEDCARE HEALTH & LONGEVITY, 127 Vouliagmenis Avenue, P.C. 16674 Glyfada, Attica), or to the email address (dpo@notiamedcare.eu) with the subject line “Exercise of the right of access/rectification/erasure/portability/restriction/objection”.

14. When do we respond to your Requests?

We respond to your Requests free of charge without undue delay, and in any event within one (1) month of receiving your request. However, if your Request is complex or there is a large number of Requests, we will inform you within the month if we need an extension of another two (2) months within which we will respond to you.

If your Requests are manifestly unfounded or excessive, particularly due to their repetitive nature, the Company may impose a reasonable fee, taking into account the administrative costs of providing the information or taking the requested action, or refuse to act on the Request.

15. Right to lodge a complaint

In the event that you consider that:

a) your request was not adequately and lawfully satisfied, or

b) your right to the protection of your personal data is infringed by any processing we carry out,

you have the right to lodge a complaint with the Hellenic Data Protection Authority. (Complaint to the Hellenic DPA | Hellenic Data Protection Authority)

16. Do we use automated decision-making / including profiling during the processing of your Data?

We do not make decisions, nor do we engage in profiling, based solely on the automated processing of your Data.

We use “cookies” on our website, always after informing you and obtaining your consent for the cookies that require consent.

Any use of AI tools, where applicable, is supportive and does not involve solely automated decision-making producing legal or similarly significant effects within the meaning of Article 22 GDPR.

17. How will you be informed of any modifications to this Policy?

We will update this Policy whenever necessary. If there are significant changes to the Policy or the way we use your Personal Data, we will notify you either by posting a notice in a prominent place before the changes take effect or by any other appropriate means. We encourage you to regularly read this Policy to know how your Data is protected.