The categories of data we collect
The categories of data we collect are:
- Data on order execution. These data include sensitive personal health data.
- Data from our partners.
- Our staff data.
- Contact information with third parties and site surveillance video.
- Data collected electronically, such as IP address, browser, device type, through access to the website www.clinilab.gr.
This data is collected either directly from our customers and partners with their consent where required, or through third parties who allow us access to personal data having secured the data subjects’ consent.
Purpose of processing
The Company processes personal data for the purpose of executing Contracts, complying with Legal or Regulatory obligations, and for carrying out educational and promotional activities, as well as for the protection of its legitimate interests.
Recipients of the Data
Access to the above personal data, when processed for the purposes stated, may include:
- Sections of the Company as defined in the Access Policy.
- Supervisory, regulatory and public authorities when required by law.
- Credit and financial institutions for payment details.
- External legal consultants, auditors and accountants.
- Travel agencies – Conference organizing offices.
- Suppliers of products and services.
- Web and email design and support companies.
- Postal service companies.
Service providers and suppliers enter into contracts with the Company, under which they undertake to maintain confidentiality and data protection in accordance with the data protection law.
Personal data retention interval
We hold personal data for as long as we have a business, educational or other relationship (individually or in relation to our transactions).
After the business relationship is completed, we retain the data for up to ten (10) years, according to:
- The Material Vigilance Data Retention Requirements
- Tax data retention requirements
- Compliance requirements
- The personnel retention requirements
- Contractual Obligations with Public Health Service Providers.
We may retain your data for more than 10 years if we cannot delete it for legal or technical reasons.
Exercise your rights
From May 2018 the new General Data Protection Regulation (2016/679) is in force. Under this new Regulation you can exercise the following rights under its provisions:
- Access and correction of your personal data.
- Deleting your personal data in case it is not required by law or for the provision of a service.
- Limit the processing of your data.
- Objection to processing your data.
- Portability of your data to another controller, ie your right to receive your data in an appropriate format so that it can be technically transmitted to another controller.
For any questions you may have or to exercise the rights under applicable personal data protection laws, please contact us:
- by phone at +30 210 94.84.090 or
- by letter to the address: 344 Syggrou Av. & 4 Solonos Str., 176 73 Kallithea, Attica.
In addition, you reserve the right to communicate with the competent supervisory authority regarding the protection of personal data, that is to say Personal Data Protection Authority – PDPA (1-3 Kifissias Av., 115 23, Athens, +30 210 6475600, contact email (firstname.lastname@example.org).