Last revision: January 01, 2021
Vittorakis Polyclinic Board members, collectively known as the ‘data controller’ permit the organisation’s staff to use computers and relevant filing systems (manual records) in connection with their duties. Vittorakis Polyclinic Board members have legal responsibility for the notification process and compliance of the GDPR.
Vittorakis Polyclinic Board members whilst retaining their legal responsibilities, they have designated for the purpose of monitoring compliance with the GDPR requirements, a Data Protection Officer.
The Data Protection Officer’s responsibilities include:
All senior managers across the organisation are directly responsible for:
Personal information can be anything that identifies and relates to and can identify a living person.
The GDPR requires Vittorakis Polyclinic to comply with the eight Data Protection Principles and to notify the Vittorakis Board for Personal Data Protection about the data that we hold and why we hold it. This is a formal notification and is renewed annually.
All Vittorakis Polyclinic employees have a legal duty to keep all information provided to the organisation and themselves strictly confidential. This legal obligation is further enforced through the codes of practice of all staff respective professions and by virtue of their contract of employment with the Vittorakis Polyclinic.
The Live Chat WeSeeDo collects consent-based personally identifiable data, specifically visitor name and email address when you start a live chat with one of our employees. This data is used solely for support purposes; to advise our patients about medical issues and or, to assist with emergency-related issues.
To provide you with a high standard of medical care and attention, we need to hold your personal information which includes details of your:
We may also need to use some information about you to:
The personal data held by Vittorakis Polyclinic may have been provided by:
There are a number of legal reasons why we need to collect and use your personal information.
Generally, we collect and use personal information where:
Vittorakis Polyclinic may need to share the personal information we process with you and also with other individuals and organizations. Where this is necessary we are required to comply with all aspects of the GDPR.
Where necessary or required we share information with:
We need to keep extensive and accurate personal data about our patients to provide you with safe and appropriate medical care. We will ask you to regularly update your medical history and contact details at your earliest convenience.
To provide proper and safe medical care we may need to disclose personal information about you to:
Disclosure will occur on a ‘’need-to-know‘’ basis. Only those individuals/organizations who need to know in order to provide care for you and for the proper administration by Government authorities and personnel (whose personnel are covered by strict confidentiality rules) will be given the information.
In very limited circumstances or when required by law or court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent. Where possible you will be informed of these requests for disclosure.
You have the right to access the data that we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be in writing to the Vittorakis offices’ Data Protection Officer.
You have a right to withdraw your consent at any time, however, this will not be retrospective.
Your records are used to guide and administer the care you receive. They help us to ensure that:
It may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the GDPR.
Under the GDPR you have the following rights;
You should let us know if you disagree with something written on your file. We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
In some circumstances you can ask for your personal information to be deleted, for example;
Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can’t delete your information where:
You have the right to ask us to restrict what we use your personal information for where:
When information is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests of Greece.
Where restriction of use has been granted, we’ll inform you before we carry on using your personal information. Where possible we’ll seek to comply with your request, but we may need to hold or use information because we are required to by law.
You have the right to ask for your personal information to be given back to you or another service provider in a commonly used format. However, this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer and not a human being. It’s likely that data portability won’t apply to most of the services you receive from The Vittorakis Polyclinic.
The Vittorakis Polyclinic is committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical electronic and managerial procedures to safeguard and secure the information we collect.
We will retain your medical records while you are a patient of The Vittorakis Polyclinic and after you cease to be a patient, for at least eleven years, or for children until age 25, whichever is the longer.
73014 Platanias Chania
Last revision: January 01, 2021
The Vittorakis Polyclinic can process your personal data because you use the services of The Vittorakis Polyclinic and / or because you provide these The Vittorakis Polyclinic yourself when completing a form on the website. The Vittorakis Polyclinic can process the following personal data:
– Your first and last name
– Your address details
– Your phone number
– Your email address
– Your IP address
– Information about your location, device, browser settings and surfing behaviour
The Vittorakis Polyclinic does not store your personal data longer than is strictly necessary to achieve the purposes for which your data is collected. Your data will not be kept longer than 26 months if no agreement is concluded with you, or after it is dissolved. Cookies can be deleted at any time by you in the browser settings.
The Vittorakis Polyclinic website may contain links to other websites of interest. However, once you have used these links to leave the Vittorakis Polyclinic website, we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information, which you provide while visiting such websites, and such websites are not governed by this privacy statement.
The Vittorakis Polyclinic takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized changes. The website of The Vittorakis Polyclinic uses a reliable SSL Certificate to guarantee your personal data.
If you have the impression that your data is not properly secured, there are indications of misuse, or if you would like more information about the security of personal data collected by The Vittorakis Polyclinic, please contact The Vittorakis Polyclinic using the information below:
73014 Platanias Chania