PERSONAL DATA PROTECTION POLICY

EMBRYOLAB

‘EMBRYOLAB’ places great importance on security and respects your privacy and the confidentiality of your personal data. This is why we invest time and resources in protecting your privacy. In this effort, we are in a continuous process of updating and training in order to fully comply with the national EU and international framework in place and, in particular, the General Personal Data Protection Regulation (Regulation 679/2016) of the European Union.

PURPOSE OF THIS POLICY

The purpose of this policy is to inform you about how the personal data of our customers are collected, stored, used and transmitted, the security measures we take in order to protect your personal data, the reasons and period for which they are stored, as well as the type of personal data collected. This concerns any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

This Policy is updated from time to time and may be amended at any time this is deemed necessary, without prior notice, always in compliance with the legislative framework in force and in accordance with any changes to the applicable personal data protection legislation. Therefore, we recommend that you review this Policy at regular intervals in order to learn about any changes made.

What are personal data?

Personal data are any information regarding any particular natural person or a person who can be identified (e.g. name, identity card number, address, etc.). Data concerning health (physical or mental health, provision of medical services, etc.) are included in the general term ‘personal data’ but constitute a special category of data. The Company shall not process your personal data without your consent. However, the Company reserves the right to process your personal data in exceptional cases to the extent permitted or required by law and/or Court judgments or prosecutorial orders.

How are personal data collected?

Your personal data are collected in the following ways:

(a) you provide them when the Company provides medical services to you or a person you are accompanying, when you contact us in order for you or a third person to receive medical services, when you submit a job application to the Company, when you fill out electronic forms or send electronic mail (‘e-mail’) messages in order to learn about or use the Company services available via the web pages at the domain name embryolab.eu

(b) automatically through the browser software or the mobile device you use to access our websites

(c) they are provided by a third-party associate of ours after you have granted your consent (e.g. insurance firm, your attending physician).

When registering with a service provided through the web pages managed by the Company, you will be required to fill out certain fields, as well as choose a username and password. Where your consent to the collection of your personal data is required, e.g. in order to receive a newsletter on a regular basis, this will be expressly requested and you have the right to withdraw it at any time.

What type of personal data is collected?

In brief, the personal data that are collected and undergo further processing

include:

– your name, address and general contact details (including your e-mail address and telephone number) or those of your relatives, – health data concerning the medical or nursing services provided by the Company or health data concerning medical services not provided by us but forwarded to us either by you or by third parties,

– information you provide concerning payment, such as bank-issued card details,

– other information originating from the use of web pages and other digital platforms we use to provide information concerning the following services provided by the Company through its web pages and/or your registration for one or more of these:

  • Dispatch of a newsletter on a regular basis
  • Dispatch of e-mail messages or announcements/news
  • Management of your medical file if we have provided you with services
  • Recording of health data and collection of information.
  • Submission of questions concerning services relating to medical tourism.

Beyond the above data you provide, technical information that constitutes personal data may be collected, such as, for example, the Internet Protocol address of your device [e.g. personal computer, laptop computer, tablet, smartphone]. This technical information is used for the unhindered operation and appearance of the web pages and electronic services, and is not permanently stored within our infrastructure.

Further details on the technologies used in our web pages (cookies, internet tags, etc.) can be found in the Company’s Personal Data Protection Policy (see Chapter 2 below).

Which principles govern the Company’s processing of personal data?

The Company processes your personal data in a fair and lawful manner for clearly defined purposes laid down in this Policy. Your personal data that are processed by the Company are limited to those that are absolutely necessary for the achievement of these purposes, are accurate and timely, are kept for a period set out by the processing purposes, are protected by adequate security measures and are not transmitted to countries that do not ensure a satisfactory level of protection.

Who collects personal data and for which purpose? Are they transmitted to third parties?

Personal data are collected and processed by authorised Company employees for each service, for the purposes and solely for the provision of each service. They are transmitted solely to third parties who have undertaken commitments for observing confidentiality, when they are required to have access to the framework of provision of these services (e.g. physicians for diagnostic purposes).

Following an order on your part, your personal data may be transmitted to third parties (e.g. a different physician of your choice) or enterprises associated with the Company (e.g. insurance firms with which you have concluded contracts).

The Company undertakes to not trade your personal data by making them available for sale/rent, giving/transferring/making them public or communicating them to third parties or using them in any other manner and for other purposes that could endanger your privacy, rights and liberties, unless required by law, Court judgment/order, administrative act or if it is a contractual obligation that is necessary for the unhindered operation of the Company Web Page and the realisation of its functions.

Your personal data may be transmitted to associates or third parties who comply with the terms of this Policy and are bound to observe confidentiality and who are acting on our behalf for further processing for the purpose of providing services, evaluating and improving the functionality of the website, as well as for marketing, data management and technical support purposes, solely after users have been notified in advance and their consent has been obtained. These third parties are contractually bound to us to use personal data solely for the above reasons, to not transmit personal information to third parties and to not disclose them to third parties unless required by law.

How long are my personal data kept?

Your personal data are kept as long as required by the nature of the Company service you have selected and, additionally, as long as required by the applicable legislation.

 What are my rights? What are my options if I have any issues with the processing of my personal data?

You have the right to ask us at any time which personal data we process, for which purposes we process them, whether we communicate them to third parties and if so to whom, and other relevant information. You also have the right to receive a free copy of your personal data upon request. Other rights under the relevant personal data protection legislation include the right to request the updating and/or rectification of your data, the right to have your personal data no longer processed and/or to restrict their processing and to have your personal data erased from the Company’s systems if there is no legal obligation for their retention. You also reserve the right to portability and/or to oppose the processing of your personal data.

More specifically, with respect to the newsletter service, you can unsubscribe by following the instructions included in each newsletter in order for the processing of the personal data relating to this service to cease.

You can exercise all your above rights by submitting a written request to dpo@embryolab.eu. For any issue concerning your personal data and/or clarifications, please contact the Data Protection Officer of the Company, by calling 2310474747, by e-mail at dpo@embryolab.eu, or by fax at 2310475718. In any event, you have the right to contact the competent Hellenic Data Protection Authority (www.dpa.gr) and/or seek a judicial remedy. Any request submitted must be accompanied by the appropriate identifying evidence and the necessary information (e.g. the data requiring rectification) as set out in the terms of use of each service. The Company may request additional information necessary to confirm your identity.

The Company makes every possible effort to ensure that we reply to your requests without delay and, in any event, within one month of receipt. That period may be extended by two (2) further months where necessary, taking into account the complexity and number of the requests. You will be notified of this extension and the reasons for the delay within one month of receipt of the request by the Company. If your request is submitted electronically, the response will be provided electronically, where possible, unless you request a different response (e.g. written letter).

In any event, you may contact the Data Protection Officer of the Group, the Hellenic Data Protection Authority and/or seek a judicial remedy if you believe your above rights have been infringed.

Are my data secure?

The Company places the utmost importance on the privacy of individuals whose personal data it processes, be they customers, employees or third parties, and makes every possible effort to protect them, both in terms of confidentiality/discretion regarding the information and in terms of their integrity (preventing their alteration, accidental destruction, etc.). In this context, the Company applies an Information Security Management System that complies with the best practices of the ISO 9001:2015 and EN 15224:2012 standards.

The Company takes every appropriate organisational and technical measure designed to protect information from loss, misuse, unauthorised access, disclosure, distortion or destruction, and sees to the fair and lawful collection and processing of personal data, as well as their secure retention in accordance with the relevant provisions of Greek, EU and international law concerning the protection of individuals from the processing of personal data, as well as the decisions of the Hellenic Data Protection Authority, safeguarding the secrecy and confidentiality of any information of which it becomes aware. More specifically, this Policy fully takes into consideration the provisions and Articles of Regulation (EU) 2016/679 of the European Parliament on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (‘General Data Protection Regulation’ – ‘GDPR’), and continuously makes every possible effort to comply with that Regulation.

Access to the contact details of visitors/users of the Company Web Page is limited to authorised persons who are bound to observe confidentiality (employees, service providers) and are reasonably considered to be required to know these details in order to provide products or services to Web Page visitors/users or to carry out their work.

The Company expressly prohibits the use of cameras, video cameras and photography and video recording functions of mobile telephones by staff and associates at company premises.

 How are my personal data collected and used?

Personal data are collected on the Company Web Page in the following cases:

– When you request information concerning the health services provided by the Company through the Web Page.

– When you register and request to receive e-mail correspondence or Company announcements/news.

– When you register and use the services of the Company Web Page.

– When you voluntarily participate in Company health services and health programmes.

– By using ‘Cookies’ or similar technologies (see the next question below for further details).

Your personal data collected in each case include but are not limited to:

– Dispatch of a newsletter on a regular basis: e-mail address.

– Management of the medical file of patients who have received health services from the Company: all personal data included in the medical file, including health data, results of medical examinations, physician evaluations, financial data, etc.

– Recording of health data and collection of information: Medical history data, contact details [e-mail address, postal address, telephone number, etc.].

– Submission of questions concerning services relating to medical tourism: full name, age, health data/medical history data, contact details [e-mail address, postal address, telephone number, etc.].

– Monitoring of the unhindered operation and improvement of the functionality and performance of the web page: Internet Protocol address, browsing patterns, information on the use of a web page, browser history, geolocation, HTTP data, etc. These data are kept in aggregate form so that the identification of users is as infeasible as possible.

The sole and exclusive purpose of the collection and processing of personal data is:

– to provide tailored information and services,

– to provide health services according to users’ preferences and characteristics,

– to carry out statistical analysis of the traffic and use of our web page,

– to satisfy user requests and directly communicate with users in order to notify them of new health services offered by the Group (provided their consent has been obtained).

Further transmission to associated third parties shall take place at the request of the visitors/users themselves. User request is expressly requested following notification of the purposes and legal basis of the use of personal data and is a key requirement for any processing or transmission of the personal data of users.

– What are Cookies and internet tags?

Cookie are small text files containing information stored in the browser software on the computers of visitors/users when they visit the Web Page, and may be deleted at any time. The Company Web Pages use cookies for the following purposes:

– To ensure that the Web Page operates smoothly and at the required speed.

– To recognise the device you use to visit the Web page, the browser software and/or operating system you use, for the purpose of providing a tailored browsing experience and/or use of the Company Web Page.

– To store your settings during a visit or between visits (such as the username you have picked, the language you prefer or the use of social networking media) so that you do not have to re-enter certain data.

– To improve the performance and/or security of the Web Page.

– To provide content based on your interests and needs.

– To analyse how you browse and/or use the Web Page.

The Company does NOT use cookies in the following cases:

– To collect personal data without your consent.

– To transmit your data to advertising companies.

– To transmit your data to third parties without your consent.

The types of cookies used on the Company Web Page are ‘persistent cookies’ and ‘session cookies’. Furthermore, certain third-party services that are active on the Web Page, such as ‘social media buttons’, place their own cookies on your computer; these are not controlled by the administrators of the Company Web Page. The session cookies used by the Company Web Page are deleted after your browsing has ended and/or the browser software has been shut down. Persistent cookies remain on your computer or device until you delete them or the period set out in the cookie expires.

You can set the browser you use to either alert you when cookies are used by specific Web Page services or not allow the use of cookies in any case. You can find further information on the general use of cookies and methods to limit or block them at https://cookiepedia.co.uk/all-about-cookies and http://www.allaboutcookies.org/. You can also delete cookies from your computer or device at any time. However, it must be stressed that by not accepting cookies or certain of them, some features of a web page might not be fully available. The Company Web Page also uses ‘internet tags’. This method is used to measure visitor response to the Web Pages. Our Company assures you that the use of ‘internet tags’ and cookies does NOT entail the collection or search of personal, identifiable information concerning web page visitors, such as names, addresses, e-mail addresses or telephone numbers.

– What is the Company Web Page policy concerning the personal data of children?

The Company undertakes the commitment to not process personal data from Web Page visitors/users under the age of sixteen (16) without having previously obtained the consent of the person exercising parental care of the child (the parent or guardian) through direct non-electronic communication, or through the Internet.

-What is the policy concerning links to other web pages?

The Company Web Page may contain hyperlinks to other web pages; the Company shall not be held liable with respect to the content and services of such web pages and cannot guarantee their continuous and secure accessibility. The Company shall not be considered to accept or endorse the content or services of the web pages of hyperlinks in any event or be considered to be affiliated with them in any way. Should any problems arise during the use of the above web pages, the beneficial owner of each web page shall be exclusively responsible. In the event of hyperlinks to other web pages, the Company shall not be held liable for the terms of personal data management and protection they follow. We use social media to present the work and services of the Company through widely used, modern channels of communication. The use of social media by the Company is specifically presented on our Web Page. For example, you can watch informative videos by health scientists employed at our Company’s clinics that we post on your YouTube channel and follow our Twitter and LinkedIn accounts through the links found on our Web Pages.

The Company strongly encourages users to consult the corresponding policy of each third party (e.g. search engine service providers, social media providers such as Facebook, LinkedIn, Twitter, etc.) in order to learn about the practices they follow for the protection of personal data.

The Company Web Page may show material with advertising/informative content, purpose and character. The Company shall bear no liability towards visitors/users and any third parties for any unlawful act or omission, inaccuracy or failure to comply with the laws and regulations of any country or the European Union with respect to the content of these notifications. The Company is not obligated to examine and shall not examine whether or not the informative material shown on the above web pages is lawful and as such no liability may be attributed to the Company. This liability is borne by the parties being advertised, the sponsors or the creators of the advertising material being shown.