This text is to describe our policy regarding personal data that we collect from our website’s visitors.

LabCare Medical Diagnostic Laboratories HC, situated in Piraeus, on 30 Mesologgiou street, with VAT number 800582857-TAX OFFICE: 5th of Piraeus is responsible for processing your personal data and will be hereinafter called “the Controller”.

The Controller processes in everyday activities as well as its website personal data of people including:

  • Clients – patients – examinees
  • Website’s visitors
  • Anyone else interested (employees, suppliers)

The Controller is fully compliant with the General Data Protection Regulation principles (2016/679 Ε.Ε. GDPR) and with any other European or national legislation concerning the protection of personal data, electronic communications etc. and is bound to  assure your personal data’s protection at all times.

  • Your data are collected for specific, definite and legitimate purposes and are not further processed in a manner incompatible to these purposes.
  • We collect the necessary personal data for every processing purpose and we handle them legally, fairly and in a manner that is transparent as far as the data subjects are concerned.
  • We ensure that the data are -as possible- accurate and up-to-date and we keep them only for as long as it is necessary for the purpose for which they are subjected to procession.
  • In any case, the criterion we use to determine the storage period is based on and takes due account of the need to comply with any relevant legal requirements as well as the principles of the data minimization.
  • We process data both electronically and manually and take all appropriate measures to protect them including protection against unauthorized or unlawful processing as well as against accidental loss, destruction or damage using appropriate technical or organizational measures.

Collection, purpose and legal basis of data processing and data’s retention time.

  1. Automatically collected data via our website

The website  https://www.labcare.gr uses the SSL protocol (Secure Sockets Layer) which uses methods of encryption of the data that are exchanged between two devices (usually computers) establishing thus a secure internet connection between them which results in the protection of your personal data.

When you visit our website our server collects the so called server log files, namely:

  • Site entry date and time.
  • The amount of data sent in bytes.
  • The browser and operating system you used to access the website.
  • Internet protocol address Διεύθυνση πρωτοκόλλου Internet (IP address) when you enter the website. The IP address along with the date and time of your visit, all comprise personal data, although we cannot track you down with this information alone.

The legal basis for which we collect your IP address and keep it in special files (log files) is our legitimate interest in processing this data in order to ensure the security of networks, information and services against accidental events or illegal or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data(e.g. control of ddos “denial of service” attacks) as well as our legal obligation to provide a more secure environment for the processing of your personal data (GDPR article 6, paragraph 1, case 6 and 3). The data will not be used or transferred in other way. We reserve however, the right to review

Server logs if specific indications of unauthorized use are detected.

  1. Clients’ data

When you visit our website we collect your personal data, such as your full name, father’s name, email, postal address, gender, age, occupation and any other information relevant to the provision of  medical services to you.

The purpose of processing your data is to provide you with the requested services and the legal basis of the processing is the execution of the contract between us (Article 6, paragraph 1b and article 9 paragraph 2 GDPR) as well as our compliance with our legal obligations. Your data retention time is that required by the law or possibly longer if any legal claims arise. It is clarified that we do not have a publicly accessible list of email addresses of our subscribers/users.  Therefore, any personal data that appear anywhere on the pages and services of the controller’s website are intended solely for the purpose of ensuring the operation of the respective service and may not be used by any third party without complying with the provisions of the legislation regarding the protection of personal data processing, as it applies from time to time.

The data controller acts in accordance with the current legislation and aims to better implement good practice on the Internet. Your personal information is kept securely for as long as you are registered with a service of the Processor and is deleted after the termination of your transactional relationship with the Processor in any way.

  1. Data we collect via email and the contact form

In the context of our communication via email and via the contact form, we collect your email address, your name and any other information you provide us with.  This information is stored and used exclusively to respond to your request. The legal basis for the processing of these data is your consent (GDPR article 6, paragraph 1a). Your data will be deleted after the final processing of our communication. This will happen after the purpose and scope of our communication has been completed, provided that there are no legal requirements for the storage of such data.

  1. Newsletters

With your consent we will collect your email in order to send you newsletters with our news and articles that you may find interesting. The legal basis for the processing is your consent (GDPR article 6, paragraph 1a) and you have the right to withdraw it at any time. 

  1. Supplier data

For the execution of  our contract we collect data from our suppliers such as name, address, contact information, shipping information, financial data, which are provided by them. The legal basis for the processing of these data is the execution of a contract and the consistency with legal obligations (GDPR article 6 paragraph 1b and 1c).  We retain these data for a period of up to twelve years from the last provision of services or as long as the tax and any other legislation orders.

Who can access your data – Data transfers

Your data can be accessed by our employees as well as by any other person authorized to process it in the course of their duties.

Moreover, we cooperate with third parties, natural or legal, professionals, independent consultants, etc. who provide us with medical, commercial, professional or technical services.

( e.g.: website hosting, accounting services, transport services) for the purposes stated above, and for the support our Practice in whole or in part, in relation to our activities.

These natural/legal persons will act on a case-by-case basis, as Public or Independent Processors, as acting processors or as persons authorized to process personal data for the same purposes mentioned above, with the same security measures and in accordance with the applicable legal liabilities.

Before the third party receives Personal Data, we must:

(1) complete a privacy audit to assess the privacy practices and risks associated with those third parties

(2) obtain contractual assurances from those third parties that they will process Personal Data in accordance with our instructions and pursuant to this Policy and to the applicable law. We shall moreover ensure that they will immediately notify our Practice of any privacy or security incidents, for any failure to comply with the standards set forth in this Policy and applicable law, that they will cooperate to remedy any such incident, that they will help us to meet the rights of individuals set out below and that they will allow the Controller to check their processing for compliance with these requirements.

Finally, the data can be further transmitted to public authorities and institutions, as well as to our legal supporters (legal and insurance companies), for legal purposes.

Apart from the above, the Data will not be disclosed to third parties, individuals or legal entities and will not be disseminated.

Our Diagnostic Center does not transfer Personal Data outside the EU, and if necessary (for example, in order to use Cloud services) this will be done under the terms and conditions provided for in Articles 44 et seq. of the GDPR, such as with your consent, with the application of standard contractual clauses approved by the European Commission or in countries considered safe by the European Commission.

Use of cookies

Caring about your best navigation, as well as about the best provision of our services, we use cookies.

Cookies are text-files with information, which the web server (web server of the Controller) stores on your computer when you visit this website

This way, the website remembers your actions and your preferences for a period of time, in order to have, for example, personalization of online advertisements, traffic analysis or other statistical analysis, and provision of the services you have requested. You therefore do not need to enter these preferences every time you visit the website or browse its pages.

Please bear in mind that only the Processing Manager and its specially authorized partners have access to any information regarding cookies.

Please not that you can control and/or delete cookies according to your wishes. You mayl find details on the website:

http://www.aboutcookies.org

In case you choose to disable cookies on the website https://www.labcare.gr the functionality of some pages may be lost or reduced.

You may check below which cookies we use:

If you need more information regarding the use and management of cookies on the web site, you may visit the following webpages:

About cookies and their management:

http://www.aboutcookies.org/default.aspx

http://www.whatarecookies.com/

About Google’s policy:

https://www.google.com/about/company/user-consent-policy.html

https://www.google.com/policies/technologies/cookies/

http://www.google.com/intl/el/policies/privacy/partners/

Data security and integrity

The Controller applies reasonable technical and organizational security policies and procedures to protect personal data and information from loss, misuse, alteration or destruction.

Moreover, we try to ensure that access to your personal data is limited to those who need to have access to them. Persons who have access to data are obliged to maintain the confidentiality of such data.

Please be aware that the transmission of information over the Internet is not completely secure.

Although we make every effort to protect your personal data, we cannot guarantee the security of data transmitted to our website. After receiving your information we will implement strict security procedures and features to try to prevent unauthorized access.

We make every reasonable effort to keep the personal data we collect from you only for as long as we need them for the purpose for which it was collected or until it is deleted (whichever is sooner), unless we continue to observe them according to the provisions of the current legislation.

Links to other websites

Our website may contain links to other websites, which are governed by other privacy statements whose content may differ from this Privacy Statement.

Please read the privacy policy of each website you visit before submitting any personal data to it. Although we strive to provide links only to websites that share our high standards and respect for privacy, we are not responsible for the  content, security or privacy practice of other websites.

Data of the underaged

When we need to process data of underaged (e.g. underaged patient data),  according to the GDPR, for those who have not reached the age of 15, the processing takes place only with the written and explicit consent of the persons who have their parental care. In any case, we make reasonable efforts to verify that consent is given or approved by the person who actually has parental care of the child, i.e. by verifying identity and any other available evidence.

Rights of data subjects

You can contact us by post or email at the addresses listed in paragraph (1) above, to exercise your rights in accordance with Articles 15 et seq. of the GDPR.

You can, for example, request an updated list of people who have access to your data, get confirmation as to whether or not we are processing personal data relating to you, check its content, source, accuracy and location (also in relation to any third country), request a copy, request their correction and restrict their processing and even ask us to delete them, if applicable.

Likewise, you can always report comments and submit complaints to the Hellenic Data Protection Authority, 1-3 Kifissias Ave., GR 115 23, Athens, Call Center: + 30-210 6475600 or at http://www.dpa.gr/

Changes to this Policy

The controller frequently reviews this Policy and may modify or revise it periodically at his discretion. In case the controller proceeds to changes, he will record the date of modification or revision in the Policy. The updated Policy will apply to you and your information from that date. We encourage you to periodically review this Policy to review any changes of the way we manage your personal data. This Statement was last updated in May 2022.

Contact us

If you have any questions, comments or complaints about our handling or protection of your personal data, or if you wish to amend your personal data or exercise any of your rights as a data subject, please contact us at: info@labcare.gr.