Privacy Policy

Website Privacy Policy

General

MD Medical Diagnostic Laboratories (hereinafter “MD Medical”) fully respects your privacy and strives to protect your personal data in every way. For this reason, MD Medical has fully complied with the provisions of national and European legislation on personal data protection, including Regulation 2016/679 of the European Parliament and the Council on the protection of natural persons against the processing of personal data (“General Data Protection Regulation” – “GDPR”), as applicable, as well as national law N. 4624/2019.

This Website Privacy Policy aims to inform visitors about how their data is collected and processed during their use of the website, including any data they may provide, for example, by filling out the contact form available on the website or through interaction with other websites.

This Website Privacy Policy should be considered alongside any other relevant personal data protection notice or fair processing notice we provide for specific instances when we collect or process your personal data. In any case, it should be read in conjunction with the Cookie Policy posted on our website.

MD Medical

MD Medical is a company specialized in conducting medical examinations with reliability and many years of experience. Daily, MD Medical diagnostic laboratories provide a range of health services, organized and specifically tailored to the needs of the examinees who trust them. In this context, MD Medical is fully committed to protecting the personal data of its website visitors.

We want to be clear from the outset about the data we collect, how we use it, the recipients of this data and the rights arising from the applicable legislation. For the purposes of data protection legislation regarding the actions you take through the website or the collection of other information through it, we are the Data Controller of your personal data.

Definitions

Some of the terms used in this Policy have legal significance and are defined by the regulatory framework. Thus:

• “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. This includes the collection, recording and organization of personal data.
• “Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• “Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
• “Data Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

For more definitions, you can refer to Article 4 of the Regulation (https://eur-lex.europa.eu/legal-content/EL/TXT/HTML/?uri=CELEX:32016R0679&from=EL)

 

Principles Governing the Collection and Processing of Your Data

The collection and processing of your personal data by MD Medical are governed by the following principles, as further specified by the Regulation:

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality

We make every effort to apply these principles at all stages of interaction with you through our website.

Categories of Data Subjects

Every visitor to our website is a data subject, whether they simply visit the website, fill out the contact form to submit to our Company, or fill out the form for online appointment scheduling.

Personal Data We Collect

The personal data we collect and process are always relevant to fulfilling our obligations to you and necessary for providing you with the desired information through our website. If you fill out the contact form posted on our website, we will collect your name, surname and email address and we will keep this information in our records only for as long as necessary to process your submitted request. If you fill out the online appointment scheduling form, we will collect your name, surname, email address, phone number, the Center you wish to visit and the date that suits you. We will use this information to contact you only regarding the scheduling of your appointment at MD Medical. Finally, with your explicit consent, we will collect your email address for sending newsletters.

Your Acceptance

By navigating our website and filling out the Contact Form and the Appointment Scheduling Form, you declare that you accept the collection and processing of your personal data provided in accordance with this Policy. You can withdraw this consent at any time by contacting the relevant department of MD Medical.

Newsletter Subscription

Our Company, as the data controller, upon your subscription to the newsletter recipient list by entering your email in the designated field and ticking the “tickbox” before submitting your email, receives your consent to send you informational or/and promotional material (newsletter) about offers and new services. Your email will be used exclusively by our Company and will not be disclosed to third parties, even if the newsletter concerns products or/and services of third companies or/and partners with whom it maintains a commercial collaboration. Your consent statement will be kept for as long as you receive the newsletter from the Company and no longer than six months from the cessation of its dispatch. You can revoke your consent at any time by following the link at the bottom of each newsletter or by contacting the relevant department of our Company.

Information We Collect Automatically – Cookies

We use cookies and other technologies to collect information about your activity, browser and device. This data helps us create a profile for each user. Some of this data will be aggregated or statistical, so we cannot identify you individually. If you prefer, you can remove or reject browser cookies through your browser or device settings. However, rejecting or removing cookies may affect the availability and functionality of our services. For more information about the use of cookies, refer to the Cookie Policy. We may also collect information about your device each time you use our website. We may associate the information we collect from your different devices, which helps us provide tailored services based on the device you use. For example, we collect:

• Characteristics such as the operating system and its version
• Browser type and IP address

Additionally, when you use our website, we collect log information, which may include, among other things:

• How you accessed our website
• Information about the device you used, such as browser type and language
• Access times
• Pages viewed
• Identifiers related to cookies or other technologies that can uniquely identify your device or browser
• Pages you visit before or after navigating our website

How We Use Your Personal Data

The table below explains in detail the type of data we process, the purpose of processing and the legal basis for such processing.

TYPE OF PERSONAL DATA	PURPOSE OF PROCESSING	LEGAL BASIS
Email	Sending newsletters from MD Medical to interested parties, with their consent	The data subject has consented to the processing of their personal data
Name and contact details	Communication with website visitors	Communication with the Visitor, Satisfaction of Legitimate Interests of the Visitor
Device information, such as browser type and language	Improving our website and setting default options (such as language and currency)	Legitimate Interests of MD Medical, Consent (Acceptance of cookies by the visitor)
Information about the visitor’s computer, their visits and use of this website (e.g., IP address, geographic location, browser, how they were informed about the website, duration of the visit and number of page views)	Statistical reasons and website improvement	Legitimate Interests of MD Medical, Consent (Acceptance of cookies by the visitor)

With Whom We Share Your Data

To fulfill the legal obligations arising from our relationship, we share your personal data with the following recipients:

• Professional external partners of our Company, such as professional accounting service providers, who are bound by strict confidentiality clauses.
• Professional service providers, such as website administrators who contribute to the operation of our Company.
• Companies approved by you, such as social networking sites.

Some of these recipients may be located outside the European Economic Area. For more information on how we protect your personal data outside the EEA, refer to the section “International Data Transfers.”

How Long We Retain Your Personal Data

We will retain your personal data for as long as necessary to provide our services to you. In any case, your data will be deleted or destroyed after ten years from their collection. We may continue to retain your personal data even after providing the website services, respecting the principle of proportionality and taking appropriate technical measures, only on the basis of the “absolute necessity of knowledge” to comply with legal or regulatory requirements, resolve disputes, or prevent fraud and abuse.

International Data Transfers

Personal information submitted for publication on the website by users or in linked applications may be made available via the internet worldwide. Our website cannot prevent the use or misuse of such information by others. In any case, the transfer to third countries will be done in compliance with and according to the conditions of Regulation (EU) 2016/679 and Greek law N. 4624/2019.

Protection of Minors

Visitors/users of the website who are minors are not allowed to access its services. If, however, minors voluntarily visit our website and this cannot be controlled, the website bears no responsibility. In any case, the services provided through our website are presumed to be under the supervision of a parent or guardian or trustee and with their consent.

Your Rights Regarding the Data Collected by the Website

We inform you that you have the right to:

• Access your data
• Rectify your data in case of inaccuracy
• Erase your data in specific cases
• Restrict the processing of your data
• Object to the processing of your data
• Transfer (Portability) your data to another entity or organization
• Withdraw your consent
• Lodge a complaint with the Data Protection Authority in case of an unfortunate data breach incident

The website will review and respond to your requests within one month of receiving them. This period may be extended by two more months if further time is required and the request is particularly complex.

You can contact us for any concerns regarding the security of your data related to the website at the following phone number: 2310720020 and email: info@mdmedical.gr. The Data Protection Officer appointed for your data protection is KKL Consulting Services IKE, which you can contact via email at dpo-service3@privacyadvocate.gr.

How to Exercise Your Rights

You can submit an access request free of charge. However, depending on the personal information you request, we may charge a fee to cover the cost of providing the details of the information we hold. We will inform you of any such charges upon receiving your access request and will await your confirmation to proceed and pay this amount.

Protective Measures We Have Taken

We have taken appropriate security measures to prevent accidental loss of personal information or unauthorized use or access. Those who process your information for the legitimate purposes explained above are subject to a confidentiality obligation. Additionally, we have procedures in place to address any data security breaches.

Specifically, the website:

• Takes all organizational and technological precautions to prevent the loss, misuse, or alteration of users’ personal information.
• Stores all personal information provided by users on secure servers protected by passwords and firewalls.

The user acknowledges that the transmission of information over the internet has inherent security issues and therefore MD Medical cannot guarantee the security of data transmitted over it. It is noted that we cannot guarantee the security of information received via email. Therefore, you should NOT send us payment information or details via email. However, if you choose to disclose your information to us, MD Medical will not store it and will inform you accordingly.

Supervisory Authority

We hope that we can resolve any questions or concerns you may have regarding the use of your information. If you are not satisfied with how MD Medical handles your personal data, you have the right to contact the competent supervisory authority. The competent supervisory authority is the Hellenic Data Protection Authority (HDPA), located at 1-3 Kifisias Avenue, Athens, 11523, phone: 2106475600 and email: contact@dpa.gr.

Updates

The website updates this Policy periodically by publishing the new version on the website or in linked applications. The user should regularly check this page to ensure they agree with any changes to the terms of this Policy. MD Medical may inform users of changes to this Policy, for example, by posting a relevant message on its website.