Dr. Charalampos Vittorakis Polyclinic
Data Protection / Responsibilities
The Vittorakis Polyclinic Board members, collectively known as the ‘data controller’, permit the organisation’s staff to use computers and relevant filing systems (manual records) in connection with their duties. The Vittorakis Polyclinic Board members have legal responsibility for the notification process and compliance with the GDPR.
Whilst retaining their legal responsibilities, the Vittorakis Polyclinic Board members have designated a Data Protection Officer for the purpose of monitoring compliance with the GDPR requirements.
Data Protection Officer’s (DPO) responsibilities
The Data Protection Officer’s responsibilities include:
- ensuring that the policy is produced and kept up to date.
- ensuring that the appropriate practice and procedures are adopted and followed by the Vittorakis Polyclinic.
- providing advice and support to the Board on data protection issues within the organisation.
- working collaboratively with Board members to help set the standard of data protection training for staff.
- ensuring compliance with individual rights, including subject access requests.
- acting as a central point of contact on data protection issues within the organisation.
- implementing an effective framework for the management of data protection.
Vittorakis Board’s responsibilities
All senior managers across the organisation are directly responsible for:
- ensuring their staff are made aware of this policy and any notices.
- ensuring their staff are aware of their data protection responsibilities.
- ensuring their staff receive suitable data protection training.
Personal information can be anything that identifies and relates to a living person.
The GDPR requires the Vittorakis Polyclinic to comply with the eight Data Protection Principles and to notify the Vittorakis Board for Personal Data Protection about the data that we hold and why we hold it. This is a formal notification and is renewed annually.
All Vittorakis Polyclinic employees have a legal duty to keep all information provided to the organisation and themselves strictly confidential. This legal obligation is further enforced through the codes of practice of staff members’ respective professions and by virtue of their contract of employment with the Vittorakis Polyclinic.
What personal information about you does the Vittorakis Polyclinic handle?
To provide you with a high standard of medical care and attention, we need to hold your personal information which includes details of your:
- Past and current medical condition;
- Personal details such as name, surname, date of birth, age, address, telephone number, email address, name of the hotel and number of the room and attending physician;
- Radiographs, clinical photographs and study models;
- Information about the treatment and services that we have provided or propose and the cost of such services and treatment;
- Notes of conversations and interactions between you and our staff of which a record needs to be kept;
- Records of consent to treatment; and
- Any correspondence relating to the above and to other health care professionals or organizations that relate to you.
We may also need to use some information about you to:
- enable us to provide healthcare services for patients;
- manage those services we provide to you;
- help investigate any worries or complaints you have about your services;
- check the quality of services;
- carry out data matching under the national fraud initiative;
- help with research and planning of new services;
- support, train and manage our employees who deliver those services; and
- keep track of spending on services.
Where the personal data originates from
The personal data held by The Vittorakis Polyclinic may have been provided by:
- your parents, relatives or carers;
- other hospitals;
- ambulance personnel;
- local authorities;
- other private healthcare providers; and
- other third parties (including education providers and previous employers).
How the law allows us to use your personal information
There are a number of legal reasons why we need to collect and use your personal information.
Generally, we collect and use personal information where:
- it is necessary to perform our statutory duties;
- it is necessary to protect someone in an emergency;
- it is required by law;
- it is necessary for employment purposes;
- it is necessary to deliver health or social care services;
- you have made your information publicly available;
- it is necessary for legal cases;
- it is to the benefit of society as a whole;
- it is necessary to protect public health;
- it is necessary for archiving, research or statistical purposes;
- you, or your local representative, have given consent; and
- you have entered into a contract with us.
Who the information may be shared with
The Vittorakis Polyclinic may need to share the personal information we process with you and also with other individuals and organizations. Where this is necessary we are required to comply with all aspects of the GDPR.
Where necessary or required we share information with:
- family, associates and representatives of the person whose personal data we are processing;
- current, past or potential employers;
- healthcare, social and welfare organizations;
- suppliers to support systems, service providers, legal representatives;
- auditors and audit bodies;
- educators and examining bodies;
- survey and research organisations;
- professional advisers and consultants;
- police forces;
- security organisations; and
- central and local government (in case of a Covid-19 outbreak).
Why do we hold information about you?
We need to keep extensive and accurate personal data about our patients to provide you with safe and appropriate medical care. We will ask you to regularly update your medical history and contact details at your earliest convenience.
Disclosure of information
To provide proper and safe medical care we may need to disclose personal information about you to:
- Your general medical practitioner;
- Other hospitals, clinics or medical care services who have or will provide treatment to you;
- Other health professionals caring for you;
- Greek Social Security Authority;
- Any medical insurance or schemes of which you are a member; and
- Agents and third parties as required by law.
Disclosure will occur on a ‘need-to-know’ basis. Only those individuals/organizations who need to know in order to provide care for you and for the proper administration by Government authorities and personnel (whose personnel are covered by strict confidentiality rules) will be given the information.
In very limited circumstances or when required by law or court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent. Where possible you will be informed of these requests for disclosure.
Access to your records
You have the right to access the data that we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be in writing to the Vittorakis offices’ Data Protection Officer.
If you do not agree
You have a right to withdraw your consent at any time; however, this will not be retrospective.
How do your records help you?
Your records are used to guide and administer the care you receive. They help us to ensure that:
- We have accurate, up to date information about your health;
- You receive the best quality of care;
- Information is easily accessible by The Vittorakis Polyclinic to assist us to make decisions about your healthcare needs; and
- Any concerns you may have about your health are properly investigated.
It may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the GDPR.
Your rights under GDPR
Under the GDPR you have the following rights:
- the right to be informed;
- the right of access to, and copies of, the personal data we hold about you;
- the right to accuracy and making changes (rectification);
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making.
Ask for access to the information we hold on you
We would normally expect to share what we record about you with you whenever we assess your needs or provide you with services. However, you also have the right to ask for a copy of all the information, both paper and electronic, we have about you and the services you receive from us. We will aim to provide the requested information to you within 30 days, but if we are unable to do so then we will explain the problem to you. In most cases, we will provide a copy of the information to you for free but there are some circumstances where we will need to charge.
However, at times we may not be able to share your whole record with you, particularly if the record contains:
- confidential information about other people; or
- data that a professional thinks will cause serious harm to your or someone else’s physical or mental wellbeing; or
- information that might affect a police investigation.
Ask to change the information you think is inaccurate or incomplete
You should let us know if you disagree with something written on your file. We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
Ask to delete information
In some circumstances you can ask for your personal information to be deleted, for example:
- Where your personal information is no longer needed for the reason why it was collected in the first place.
- Where you have removed your consent for us to use your information (where there is no other legal reason for us to use it).
- Where there is no legal reason for the use of your information.
- Where deleting the information is a legal requirement.
Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can’t delete your information where:
- we’re required to have it by law;
- it is used for freedom of expression;
- it is used for public health purposes;
- it is for scientific or historical research, or statistical purposes, where deleting it would make the information unusable; or
- it is necessary for legal claims.
Ask to limit what we use your personal data for
You have the right to ask us to restrict what we use your personal information for where:
- you have identified inaccurate information, and have told us of it; and
- we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether.
When information is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests of Greece.
Where restriction of use has been granted, we’ll inform you before we carry on using your personal information. Where possible we’ll seek to comply with your request, but we may need to hold or use information because we are required to by law.
Ask to have your information moved to another provider (data portability)
You have the right to ask for your personal information to be given back to you or another service provider in a commonly used format. However, this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer and not a human being. It’s likely that data portability won’t apply to most of the services you receive from The Vittorakis Polyclinic.
The Vittorakis Polyclinic is committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
We will retain your medical records while you are a patient of The Vittorakis Polyclinic and after you cease to be a patient, for at least eleven years, or for children until age 25, whichever is the longer.
A cookie is a simple text file that is stored on your computer or mobile device by a website’s server, and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things such as your preferences or your details when filling out a form. Cookies are controlled by your computer. If you visit the ‘Tools’ section in your browser menu, you will find details of your cookie settings. You can set your browser to warn you before accepting cookies, or you can set it to automatically reject them.
The Vittorakis Polyclinic does not make direct use of any cookies other than those required to maintain the security of your information.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Links to other websites
The Vittorakis Polyclinic website may contain links to other websites of interest. However, once you have used these links to leave the Vittorakis Polyclinic website, we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information, which you provide while visiting such websites, and such websites are not governed by this privacy statement.