LaserVision Privacy Notice
LaserVision.gr is a Clinical and Research Eye Institute that gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and law. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data.
We, LaserVision.gr at 17 An. Tsocha street, 115 21 Athens, are a company registered in Greece under the title LaserVision.gr Clinical and Research Eye Institute and company number ΓΕ.Μ.Η. 4797201000 / Tax Registration number 999803012.
We are registered on the Hellenic Data Privacy Authority Register of Data Controllers under registration number 955, and act as the data controller. You can contact our Data Protection Officer Department at +30 (210) 7472777 / firstname.lastname@example.org.
The purpose of this document is to give any person interested in the LaserVision.gr medical services a brief, precise and transparent point of reference about our personal data management practices.
At LaserVision.gr we collect and process your personal data according to this Privacy Notice, in conformance with EU Regulation 2016/679, the Greek Law on the Protection of Personal Data, the current legal framework for the provision of medical services, the Medical Ethics and Code of Conduct, and patient consents. This document informs you about your rights and obligations and explains how, why and for what purpose we process your personal data.
Information we collect
Personal data is any information such as the name, identification number, address etc. that identifies a person. Personal data like health records that describe a person’s mental or physical state, drug prescriptions/treatment etc. will be part of your personal data but comprise a special category of data which are characterized as sensitive personal data or personal health data.
LaserVision.gr processes your personal information according to international standards and best practices to meet our legal, statutory and contractual obligations and to provide you with our health services. We will never collect any unnecessary personal data from you and do not process your information in any way other than already specified in this notice. We only retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We keep your health-related data for the time frame required by law 3418/2005, after which time it will be destroyed.
Members of our clinical teams may share your personal health information with each other. This team may include healthcare professionals as well as support staff who carry out, among other things, administrative tasks such as invoicing and customer service. All LaserVision.gr staff are bound by an individual code of confidentiality. Your privacy and confidentiality are very important to us, and we have strict controls in place to protect your information.
When you interact with LaserVision.gr professionals, the patient health record is the collection point for patient data. One health record is created for each patient in order to support and facilitate diagnosis, therapy, medical advice, medical record exchange, and the security and optimization of the provided medical services, and to satisfy the requirements set by the law (3418/2005) and the Greek state in general. The information recorded in patient health records consists of sensitive personal data and is therefore private personal data. The professional staff involved in providing you with medical services have access to your health records and may use this information to fulfill the needs of your therapy. However, access is limited to a need-to-know basis for the fulfillment of our services towards you (e.g. medical advice, prescription etc.) or according to Greek law.
The personal data that we collect from you are:
- Contact Details: name/surname, home address, personal e-mail, business e-mail, home telephone number, mobile phone number, work telephone number and contact details of parents or lawful representatives
- Demographic and Identification Details: birth date, personal ID / passport number, tax registration number, national insurance number, private insurance number
- Special Category Data Details like health information data: health medical information such as diagnostic results, surgery reports, health treatment etc.
We collect all of the categories of information described above in the following ways:
- By you calling LaserVision.gr to schedule an eye examination
- By you filling application forms providing identification as well as insurance data
- By you providing your past health / diagnostic results and health background checklists, and from the personal data that result from the examination by LaserVision.gr professionals as well as from the diagnostic tests performed
- By those who have the legal right to act on your behalf (your personal representative) if you are under the age of 16 or not in a position to provide this information yourself
How We Use Your Personal Data (Legal Basis for Processing)
LaserVision.gr takes your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law. We only retain and process your data for as long as is necessary and for the purposes specified in this notice, but sharing with third parties occurs only when we have your consent or in case of legal obligation.
The purposes and reasons for processing your personal data are detailed below:
- We collect and store your personal and special category of data in the performance of health treatment(s) to you based on a) contractual agreement with you, b) our legitimate interest offering health services and c) your vital interest receiving these services
- We also collect and store your personal data as part of our legal obligation for business accounting and tax purposes
- We retain your special categories of data as long as the law requires and sometimes we may share your information only when this is legally required:
  - When you authorize us to act on your behalf (e.g. to collect insurance reimbursement)
  - Where a formal court order has been issued
  - When an infectious disease may endanger the safety of others
  - When sharing information with the police may prevent a serious crime
You have the right to access any personal information that LaserVision.gr processes about you and to request information about:
- What personal data we hold about you
- The purpose of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will act to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we may use, by sending a written notice to email@example.com. Lastly, you have the right to apply for your personal data to be transferred to another health service provider organization in Greece or abroad.
If we receive a request from you to exercise any of the above rights, it is our strict policy to ask you to verify your identity before acting on the relevant request; this is to ensure that your data remains protected and secure.
Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. LaserVision.gr uses selected third parties to provide the services and business functions below; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
The main categories of processors we may share your data with include:
- Public health authorities
- Insurance companies
- Collaborating doctors
- Collaborating clinics or hospitals
- Facilities, IT and systems support organizations
- External health laboratories
LaserVision.gr takes your privacy seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorized access, alteration, disclosure or destruction and we have put several layers of security measures in place, including:
- role based access management
- strong password controls
- network security controls
- business continuity measures
- incident response management etc.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to LaserVision.gr; however, as this information is required for us to provide you with our health services, we will not be able to offer some or all of our products or services without it.
How Long We Keep Your Data
LaserVision.gr only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under Hellenic Law 3418/2005 to keep your health-related data for a minimum amount of time from your last visit/examination, after which time it will be destroyed.
Where you have given your consent to the use of your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Special Categories Data (Health Data)
Based on the services or treatments that we offer, LaserVision.gr sometimes needs to request sensitive personal information from you to evaluate your health status and select the most appropriate health treatment. Where we collect sensitive personal data, we will only request the information required for the specified purpose and always ask for your explicit consent. You can modify or remove your consent at any time, upon which we will act, unless there is a legitimate interest or legal reason for not doing so.
Lodging a Complaint
LaserVision.gr only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the Hellenic supervisory authority.
An. Tsocha 17
115 21, Athens, Greece
Phone number: +30 (210) 74 72 777
Data Protection Officer
An. Tsocha 17
115 21, Athens, Greece
Phone number: +30 (210) 7472777
Hellenic Data Protection Authority
1-3 Kifisias ave., 11523 Athens, Greece,