Talos Intuitive Care takes your privacy seriously into account. We are committed to maintain the highest level of protection when processing your personal data. Your personal data is collected and stored for specific, explicit and legitimate purposesand for a time period that is absolutely necessaryin view of the objective pursued. It is processed fairly, lawfully and transparently, in compliance with the legal framework in effect and in a way that guarantees data integrity and confidentiality. Please find useful information on our company’s data protection policy here below:
“personal data” means any information relating to an identified or identifiable natural person;
“genetic data” means personal data relating to the inherited or acquired genetic characteristics of a natural person, as arising, in particular, from an analysis of a biological sample from the natural person in question, which give unique information about the physiology or the health of that natural person;
“biometric data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person;
“data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of healthcare services, which reveals information about his or her health status;
“special category personal data” includes genetic data, biometric data and data concerning health;
“personal data processing” means any operation or set of operations which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction;
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Data Processing Controller
Dr. Nikolaos Plevris, Vas. Sofias Ave. 124 B Athens Greece [hereinafter referred to as “the Administrator”] is the owner / administrator of the Website www.talosintuitivecare.com [hereinafter referred to as “the Website”]. Administrator is responsible for processing the personal data of the Website’s users.
This Policy specifies the terms and conditions followed by Administrator for the general protection of the privacy of users / visitors of www.talosintuitivecare.com as prospective patients, whose personal data may be processed by Administrator with the aim of providing healthcare services. Through this Policy we aim to inform you on how we collect, store and process your information, such as personal data provided by you when you choose to receive healthcare services from our institution, or health information arising from the provision of our services and your online medical file.
The Company reserves the right to amend and adjust this Policy as it sees fit, while any changes are in force as soon as they are posted on our website www.talosintuitivecare.com.
- Basis of processing
Administrator collects and processes data of personal nature (hereinafter “personal data”) of users of the website www.talosintuitivecare.com, based on the consent you yourselves have provided freely and voluntarily by signing the Personal Data Form before filling-in your application and registering your data in the Website’s online form. Administrator, as Data Processing Controller, undertakes to ensure that the confidentiality of your personal data is respected and to guarantee that you are able to exercise freely the rights conferred upon you by national and Community law applicable to the collection, use and disclosure of your personal data by us.
Moreover, Administrator may process personal data, provided the processing is necessary, for at least one of the following legal grounds:
• For entering into agreements between us or for taking measures at your request, prior to entering into an agreement, or
• For complying with a legal obligation, or
• For the purposes of our legal interests, or
• For safeguarding your vital interests, or
• For performing tasks in the public interest, or
• For exercising rights and obligations arising from the social insurance legislation, or
• For establishing, exercising or defending of legal claims, or for courts acting in their judicial capacity, or
• For the purposes of preventive or professional medicine, medical diagnosis, provision of medical treatment or management of health systems.
Our processing of personal data takes place according to the following principles of processing, as stipulated in the GDPR; legality, objectivity, transparency, purpose limitation, data minimization, accuracy, retention-time limitation, data integrity, confidentiality and accountability.
- Legal Framework
The collection and processing of your personal data are subject to the provisions of the General Data Protection Regulation of the European Union – Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), and any law or regulation issued subsequently or for applying the aforementioned General Regulation, as well as any applicable national law in force on personal data protection in general, especially in the healthcare sector.These include, among others, the following applicable laws, as amended and currently in force:
• Law 4624/2019 on protection of personal data
• Law 3418/2015 on the Code of Medical Ethics
• Law 2619/1998 (Art. 5) on the Oviedo Convention
• Law 4582/2018 (Art. 20) on Thematic Tourism
According to the legislative framework outlined above, Talos Intuitive Care collects and processes personal data of patients, patient carers or users of its companies’ websites for the following purposes, and to the extent absolutely necessary, to best serve these purposes. This data is relevant, useful and not excessive in relation to the above purposes. It is also accurate and, where necessary, kept up to date.
- Which Personal Data are Collected and Processed and What for?
Administrator collects and processes simple personal data (i.e. name, surname, residence address, age, email, passport number etc.) provided by you or another person on your behalf for the purpose of informing you about the services provided by www.talosintuitivecare.com, of processing and examining your application to receive healthcare services by www.talosintuitivecare.com and its partners, of carrying out the agreement for provision of healthcare services, signed by you or another natural or legal person on your behalf, and/or for safeguarding your vital interests, and/or for complying with a legal obligation or interest of Administrator, and/or based on your consent.
Moreover, Administrator collects and processes special category data(i.e. medical history, medical tests and medical procedures etc.) submitted by you or another natural or legal person on your behalf based on your explicit consentfor the purpose of informing you about the services provided by www.talosintuitivecare.com, of processing and examining your application to receive healthcare services by www.talosintuitivecare.com, and the medical data arising from the provision of medical services – healthcare services by Administrator and/ or its partners for the purpose of providing medical treatment – and healthcare services based on preventive or professional medicine, medical diagnosis, the protection of your vital interests and/or your explicit consent.
- Data Retention.
Your personal data are retained for as long as it is necessary for the provision of our services and required by Law. In particular, as specified in the Greek Code of Medical Ethics (Law 3418/2005) Article 14(4): “The obligation to store medical files applies for: (i) a decade from the last visit of the patient, for private practices and other private primary healthcare units, (ii) for 20 years from the last visit of the patient, in all other cases.”
Data may be retained for longer periods if this is required by law for specific purposes such as bookkeeping and accounting.
- Disclosure/Transfer of Data
Administrator may disclose/ transfer the data acquired for the aforementioned purposes within and outside the EU, to natural or legal persons that cooperate with Administrator and/or provide services solely for the purposes described above, such as:
to any doctor and / or physician who offer independent services to our institution;
to any associates acting on behalf of the www.talosintuitivecare.com in line with the agreements between us with the aim of providing healthcare services;
to private or public insurance bodies, based on your legal relationship with them;
to any competent judicial, police or tax authority within or outside the EU, in compliance with the legislative framework in force,
The natural or legal persons which provide services to Administrator, do so solely on Administrator’s orders and within the framework set by it. Administrator takes the necessary measures to ensure that only the absolutely necessary data are transferred/disclosed in each case depending on the specific purpose and to guarantee that such data are processed under the law.
The collection and processing of your personal data by the Administrator is not intended for commercial purposes. Administrator undertakes not to sell, lease or in any way publish and/or disclose your personal data to any third party, natural or legal person, unless disclosure of data is required in any of the cases described herein.
- User Rights
With regard to the personal data you provide to the Company, you maintain, among other things, the rights to information, access, rectification, erasure, restriction of processing, objection and portability as specified in Articles 13 to 21 of the General Data Protection Regulation of the European Union – Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR):
• Right to information: This is the right to know who is processing your data, what data are being processed, for what purpose and for how long the processing takes place.
• Right to access: This is the right to receive confirmation as to whether or not your personal data is being processed, what data are being processed, for what purpose, how long they are stored and to whom they can be disclosed.
• Right to rectification: This is the right to request the correction of inaccurate or irrelevant personal data and to fill in incomplete information.
• Right of erasure (‘right to be forgotten’): This is the right to request the deletion of your personal data under certain conditions set by the Regulation, such as when the data is no longer necessary, you have withdrawn your consent, the data has been processed illegally, etc.
• Right to restriction of processing: This is the right to request that the processing of your personal data be restricted when their accuracy is contested, the processing is unlawful, the data are no longer needed by the controller, or you have objections to processing by automated means.
• Right to object: This is the right to oppose at any time and for reasons related to your particular situation, to the processing of personal data that concern you, if such processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or if such processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, including the profile status under those provisions.
• Right to data portability: This is the right to receive the personal data that concern you and that you have provided, in a structured, commonly used and machine-readable format and the right to transmit those data to another company without hindrance from the Company to which the personal data have been provided, where: (a) the processing is based on consent or a contract; and (b) the processing is carried out by automated means. When exercising the right to data portability, you have the right to request the direct transmission of personal data from one controller to another where this is technically feasible.
Theabove mentioned right rights may be restricted due to our obligation to apply another law, as for example in the case you request erasure of data, but we are under the obligation to keep it according to the law.
- Cookies Policy.
According to theDirective 2009/136/EC, which will be replaced by Regulation, our website accepts cookies. A cookie is a small alpha-numeric archive which is stored on the hard drive or in the browser of a computer, tablet, smartphone or similar device when it browses the internet. The majority of the cookies we use are of the analytic type, which count number of users, help us to understand how they navigate our site and improve the way it works, for instance by making search results more accurate. By visiting our website, you accept (opt-in) the procession of your personal data collected by social media or search engines e.g. Google Analytics, without any involvement, influence or control on the part of the Company, transmitted within or besides theEuropean Economic Area (28 EU-members, Island, Lichtenstein, Norway).
In case you don’t agree with the receipt of information by third parties such as Google, Facebook, Twitter, etc from your browser, when you are visiting our website, you can opt out by making the corresponding settings as provided by the applicable usage policy on each third party’s website.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site or any other websites that you visit.For more information about cookies, you can always visit www.allaboutcookies.org (http:/www.allaboutcookies.org/) or you can click on the help menu on the browser you use. If you are facing any problem on deleting or blocking the cookies from the browser you use, please contact your browser provider.
You are offered the opportunity of receiving our Website’s news e.g. new services, activities, events, etc via newsletters sent to your email/home address. Your selection is recorded via your subscription in our website’s newsletter. In any such email, we will clearly and distinctly identify ourselves and will give you the option to object and request, easily and free of charge, termination of communication and erasure of your data from the database in questionor you can express your wish by sending email to our email address firstname.lastname@example.org.
- Security measures
Administrator has taken all the appropriate technical and organizational measures to safeguard the implementation of the legislation and the suitable security level for your personal data. It has also trained all its staff and its network of associate physicians accordingly through the Personal Data Protection Procedures, and has legally bound all its associates who act on its behalf as processors with contracts governed by the guarantees and assurances of the GDPR.
- Applicable Law