Skip to content

Privacy Policy

Application Declaration

Implementing the General Data Protection Regulation (GDPR) is a priority for the company  “E-DOCTOR CLINIC LTD” and also every partner we cooperate with.

Data Controller Details

  • Name : E-DOCTOR CLINIC LTD
  • Distinctive Title: e-Doctor Clinic
  • Company number: 13680156
  • Contact number: +44 7450410448
  • Email: info@e-doctor.clinic

The e-DOCTOR CLINIC accepts as personal data any information concerning natural persons as identified or identifiable living persons. For example, this information includes their name, home address, ID number, Internet Protocol (IP) code, health and insurance capacity information, employment status, and more.

Particular category data, such as data concerning health, racial or ethnic origin, trade union activity, and others, receive special protection.

The rules apply where the collection, use, and storage of data of natural persons takes place digitally or on paper through a structured filing system.

This policy is in accordance with the EU General Data Protection Regulation (GDPR) and opinions/decisions issued by the Personal Data Protection Authority.

Definitions

  1. “Personal Data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  2. ‘processing’ means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available;  association or combination, restriction, erasure or destruction;
  3. “Restriction of Processing”: the marking of stored personal data to limit their processing in the future;
  4. “Filing system” means any structured set of personal data accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis;
  5. “controller”: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided for by Union or Member State,
  6. “Processor”: the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;
  7. ‘recipient’ means a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the context of a specific investigation by Union or Member State law shall not be considered recipients; such data are processed by those public authorities by applicable data protection rules depending on the purposes of the processing;
  8. ‘Third party’ means any natural or legal person, public authority, agency, or body, except the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
  9. “Consent” of the data subject: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by an explicit affirmative action, signify agreement to the processing of personal data relating to them;
  10. “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
  11. “Special Categories Data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data to uniquely identify a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Categories of Personal Data Collected

In the context of its activities and its regular operation, e-DOCTOR CLINIC may collect personal data of its customers or associates, as well as its employees and associates in general, as well as other natural persons with whom it transacts in the context of its operation.

Depending on the form and purpose of processing, “e-DOCTOR CLINIC” may collect and process personal data, such as the following:

CATEGORIES OF SUBJECTS DATA CATEGORIES  
Customers

These may include:

  1. Identity and demographic data (e.g. full name, father’s name, etc.),

2.       Insurance details (e.g. NIN, AMKA or AYPA and other Social Security Institution Registry data if required),

3.       Contact details (e.g. registered office address, telephone, email, etc.),

4.       The dates of the services provided.

5.       Special category data (medical data where applicable)

6.       Financial data (Account balances – Bank accounts, VAT number)

7.       Data collected through interaction with our website (IP address, End user device data, Data browsing, information about user preferences regarding www.e-Doctor.clinic services.)

Suppliers

These may include:

  1. Identity and demographic data (e.g. full name, father’s name, etc.),
  2. Contact details (e.g. registered office address, telephone, email, etc.),
  3. Professional details
  4. Contracts
  5. Financial Data (Account Balances, Bank Accounts)
  6. Other relevant data
Employees (active and not) / Prospective employees

These may include:

1.       Identity and demographic data (e.g. full name, father’s name, etc.),

2.       Insurance details (e.g. AMKA and other Social Security Institution Registry data if required),

3.       Contact details (e.g. postal address, telephone, email, etc.),

4.       CVs,

5.       Health data (e.g. medical certificates and opinions, etc.),

6.       Financial data (e.g. bank accounts, etc.),

7.       Marital status data (e.g. certificates and certificates, number and details of children, etc.)

Table 1. The categories of Subjects and their data

Purposes and Legal Bases of Processing

The e-DOCTOR CLINIC may collect and process the personal data of the natural persons mentioned in the above paragraph who use its services and products. In principle, e-DOCTOR CLINIC may collect and process personal data for the following purposes with the respective legal bases for processing:

PURPOSE OF PROCESSING LEGAL BASES
The collection, processing, cross-checking and transmission of data of the Tax, Insurance and Labor Administration exclusively for the support and operation of the framework of its responsibilities

1.       Compliance with a legal obligation [art. 6 §1 case c) GDPR] and/or

2.       Serving legitimate interests [art. 6 §1 par. f) GDPR]

The collection and processing of the necessary data of employees and / or prospective employees and associates for the proper service of existing employment or cooperation relationships or the examination of possible future cooperation

1.       Compliance with a legal obligation [art. 6 §1 case c) GDPR] and/or

2.       Serving legitimate interests [art. 6 §1 par. f) GDPR]  and/or

3.       Performance of obligations and exercise of specific rights of the controller or data subject in the field of labour law and social security and social protection law [art. 9 §2 par. b) GDPR] and/or

4.       Necessary for the purposes of preventive or occupational medicine, assessment of the employee’s ability to work [art. 9 §2 par. h) GDPR]

The provision of services

1.       Processing in the context of a contract [art. 6 §1 case b) GDPR] and/or

2.       Serving legitimate interests [art. 6 §1 par. f) GDPR] and/or

3.       Consent for the processing of special category data [art. 9 §2 par. a) GDPR]

4.       The processing of special category data is necessary to protect the vital interests of the data subject or of another natural person, if the data subject is physically or legally incapable of giving consent [art. 9 §2 par. c) GDPR]

For any other form of processing, e-DOCTOR CLINIC requests special written, free and informed consent of the subjects before the commencement of processing, if required.

Table 2. The primary purposes and legal bases of processing

The reference to more than one legal basis for processing does not mean that e-DOCTOR CLINIC changes them (lawful basis swapping), undermining the rights of data subjects, but that there are cases where more than one legal basis for processing is applicable.

Privacy of vulnerable data subjects

Our services also address individuals who belong to the category of vulnerable data subjects, including children and people who cannot consent. In these cases, our services are provided only after obtaining the explicit and informed consent of the child’s parent or guardian or the custodian of the vulnerable data subject.

If you are under the age of 15 or belong to the category of vulnerable data subjects, you are not allowed to submit your information directly to us in any way.

Given that it is not technically feasible to effectively check these criteria in all cases, we are committed if the submission of personal data of vulnerable data subjects is reported and verified without the relevant positive action on the part of the parent or guardian of the child or the custodian of the vulnerable data subject, to delete all pertinent information immediately. This deletion is without prejudice to the need to keep the data in case of foundation, exercise, or support of our legal claims.

Data Transfer/Disclosure to Third Parties

The personal data collected may be disclosed or transmitted to third parties if this is required to fulfill obligations by law or is necessary to fulfill our services, subject to the guarantees of the relevant legislation. We may assign natural or legal persons to perform some of our services. Only the personal data necessary to fulfill the assigned services are transmitted to these persons. They are committed to our Company regarding the confidentiality and safe processing of Personal Data.

Rights of Natural Persons

The e-DOCTOR CLINIC recognizes the rights of natural persons regarding protecting their data. Thus, natural persons have the right to:

  1. They are informed about the processing of personal data.
  2. They gain access to their data.
  3. Request the correction of incorrect, inaccurate, or incomplete personal data.
  4. Submit a request to erasure personal data when it is no longer necessary or if the processing is unlawful. Suppose Art.6 (1) case is applied as the legal basis for processing. c’ GDPR in most processing, the right to erasure is limited and will be judged on a case-by-case basis under the legal conditions. Moreover, according to Recital 4 of the GDPR, the right to protect personal data is not absolute; it must be assessed in terms of its function in society and weighed against other fundamental rights by the principle of proportionality.
  5. Object to processing personal data for reasons related to their situation, subject to art.21 par.6 GDPR.
  6. They submit a request to restrict the processing of personal data in specific cases.
  7. File a complaint with the Personal Data Protection Authority (1-3 Kifissias Avenue, 11523 Ampelokipoi, tel. 210.647.5600, www.dpa.gr) or with the supervisory authority of the EU Member State where they reside or work or with the supervisory authority of the place of the alleged infringement.

Communication of Natural Persons

The above rights, as well as any right regarding personal data, are exercised upon written request submitted at any point accessible to the public or via electronic communication by sending a message to info@e-Doctor.clinic The Data Protection Officer, who has been appointed by the Company, also examines the request.

Principles of Processing

e-DOCTOR CLINIC accepts the basic principles governing the processing of personal data. Personal data (Article 5):

  1. They shall be processed lawfully, fairly, and transparently in relation to the data subject (‘lawfulness, fairness and transparency’).
  2. They shall be collected for specified, explicit, and legitimate purposes and shall not be further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the original purposes under Article 89(1) (‘purpose limitation’).
  3. They are adequate, relevant, and limited to what is necessary for the purposes for which they are processed (‘data minimization’).
  4. They are accurate and, where necessary, kept up to date; all reasonable steps must be taken to immediately erase or rectify inaccurate personal data in relation to the purposes of the processing (‘accuracy’).
  5. They shall be kept in a form that permits identification of data subjects only for the period necessary for processing the personal data; personal data may be stored for more extended periods provided that personal data will only be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; by Article 89(1) and provided that appropriate technical and organizational measures required by this Regulation to safeguard the rights and freedoms of the data subject (‘storage limitation’ are applied).
  6. They shall be processed to ensure appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures (integrity and confidentiality).

Record of Processing Activities

e-DOCTOR keeps a record of the processing activities for which it is responsible. That record shall contain all the following information:

  1. the name and contact details of the controller and, where applicable, of the joint controller, the controller’s representative and the data protection officer;
  2. the purposes of the processing,
  3. a description of the categories of data subjects and categories of personal data;
  4. the categories of recipients to whom the personal data are to be or have been disclosed, including recipients in third countries or international organizations;
  5. where applicable, transfers of personal data to a third country or international organization, including the identification of that third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of appropriate safeguards;
  6. where possible, the envisaged time limits for erasure of the different categories of data;
  7. where possible, a general description of the technical and organizational security measures referred to in Article 32(1).

Protection of Personal Data

Considering the nature, scope, context, and purposes of the processing, as well as the risks of varying probability of occurrence and severity for the rights and freedoms of natural persons, e-DOCTOR CLINIC implements appropriate technical and organizational measures to ensure and be able to prove that the processing is carried out by the GDPR,  adopting and implementing a holistic personal data security policy.

When assessing the appropriate level of security by E-DOCTOR CLINIC, the risks arising from processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed, shall be taken into account.

To prevent a personal data breach, E-DOCTOR CLINIC, as controller, has adopted and applied a policy against attacks on the information systems it owns and manages and a specific policy for managing any incidents of personal data breach.

Staff Training

The E-DOCTOR CLINIC accepts that protecting personal data presupposes the awareness of its human resources regarding safeguarding personal data. To this end, it accepts adopting and implementing the principle of orientation of appropriate education by exploiting the Fair Information Practices (FIP), which encapsulate a set of standards governing the collection and use of personal data and the treatment of privacy and accuracy issues. The E-DOCTOR CLINIC seeks awareness of its human resources and basic concepts of personal data protection.

Modification

This policy may need to be amended to address the processing of personal data. If the modification of these terms is of such nature and to  the extent that the above data processing terms do not cover it, E-DOCTOR CLINIC will publish the new policy version.

Logo_14
×