DATA PROTECTION POLICY GDPR

Name and Contact Details of the Responsible Person according to GDPR Legislation:

Dr. Fotopoulou Niki

Vyronos 5, zip code 42 131

Trikala, Thessaly, Greece

Phone: 2431-102386

The safety and Protection of Your Personal Data

Dr. Fotopoulou Niki (hereinafter "The Doctor") considers as a primary duty the respect towards personal data and prioritizes the safety and protection of your personal data. We commit to protect your right to privacy and to ensure that all the information you choose to provide us during your visit to the Doctor's website is collected and used in full compliance with Regulation (EU) 2016/679 of the European Parliament.

This text contains the Doctor's personal data protection policy and provides every person interested in receiving medical services from her, as well as every visitor/user of the Doctor's website, the necessary information about the ways in which the Doctor complies with the European Union legislation for the management and protection of personal data.

What is the purpose of this Policy?

This Policy aims to inform about the way personal data of individuals receiving services from the Doctor are collected, stored, used, and transferred, the security measures the Doctor takes to protect personal data, the reasons and the duration for which they are stored, as well as about the type of personal data collected. It concerns every act or series of acts performed with or without the use of automated means, on personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The doctor reserves the unilateral right to update, modify, add, change her services and this Policy, at intervals, whenever deemed necessary, without prior notice, always within the current legal framework and in accordance with any changes in the current legislation regarding the protection of personal data.

The Doctor encourages everyone to check this Policy at regular intervals to be informed about the changes that have been made.

What are personal data?

Personal data is any information relating to an identified or identifiable natural person (e.g., name, ID number, address, etc.). Data concerning health (physical or mental condition, receipt of medical services, etc.) are included in the general term of personal data but constitute a special category of data. The Doctor will not process your personal data without your consent. However, the Doctor reserves the right, in exceptional cases, to process your personal data to the extent permitted or required by law, or/and by judicial decisions or prosecutorial orders/directives.

How are personal data collected?

Your personal data are collected in the following ways:

(a) you provide them to us when the Doctor provides medical services to you or someone you accompany, when you approach us in order to receive medical services for you or a third party, when you submit a job application to the Doctor, when you fill out electronic forms or send electronic mail (“e-mail”), aiming to be informed or to use the services available on this website.

(b) automatically through the browser (“browser”) or the mobile device you use to access the Website.

(c) provided to us by a third party collaborator after you have given your consent (e.g., insurance company).

In cases where your consent is required for the collection of your personal data, such as for receiving a newsletter (“newsletter”) on a regular basis, it is expressly requested from you, and you have the right to withdraw it at any time.

What personal data are collected?

In summary, the personal data that are collected and further processed include:

• the name,
• the address and generally the contact details (including the email address and the telephone number), yours or your relatives',
• health data related to the medical or nursing services provided by the Doctor or health data about medical services not provided by us but reported to us either by you or by third parties,
• information you give us for payment, such as bank card information,
• other information resulting from the use of websites and other digital platforms we use to inform you, regarding the following services provided by the Doctor through her websites and/or your registration in one or more of these: regular newsletter (“newsletter”) reception, electronic correspondence or correspondence of announcements/news
• Management of your medical file, if you have received services.
• Health data entry and information retrieval.

Beyond the above data you provide to the Doctor, technical information that constitutes personal data, such as the Internet Protocol address (“Internet Protocol address”) of your device [e.g. computer, laptop (“laptop”), tablet computer (“tablet”), smartphone (“smartphone”)], may be collected. These technical informations are used for the smooth operation and performance of the websites and electronic services, and are not permanently stored in the Doctor's infrastructures.

What categories of personal data do we collect from you?

The personal data that we can legally maintain from you are your name and surname, your phone, your email address (email address) and you will receive updates via telephone communication, e-mail, sms, viber, as well as your interests in specific areas of service provision on our part.

What principles govern the processing of personal data by the Doctor?

The Doctor processes your personal data in a lawful and legitimate way for clearly defined purposes stated in this Policy. Your personal data that the Doctor processes are limited to what is absolutely necessary for achieving these purposes, are accurate and up-to-date, are kept for a period defined by the purposes of the processing, are protected by adequate security measures and are not transferred to countries that do not ensure an adequate level of protection.

Who collects personal data and for what purpose? Are they transferred to third parties?

Personal data are collected and processed by the Doctor's authorized personnel & collaborators, for the purposes and only of providing the respective service. They are transferred only to authorized third parties who are bound to confidentiality, when they need to have access in the context of providing the said services (e.g., doctors for diagnostic purposes).

Upon your order, your personal data may be transferred to third parties (e.g., another doctor of your choice) / businesses cooperating with the Doctor (e.g., insurance companies you have contracted with).

The Doctor commits not to trade your personal data by making them available for sale/rent giving them/transferring/publishing or notifying them to third parties or to use them in any other way and for other purposes that may endanger your privacy, rights or freedoms, unless imposed by law, court decision/order, administrative act or if it constitutes a contractual obligation necessary for the smooth operation of the Websites of the Doctor and the realization of their functions.

Your personal data may be transferred to partners, or to third parties, compliant with the terms of this Policy and bound to confidentiality, who act on behalf of the Doctor for further processing in order to provide services, evaluate and improve the functionality of the website, marketing purposes, data management, and technical support, only after the user is informed in advance and his consent is obtained. The said third parties have contractually committed to the Doctor that they will use the personal data only for the above reasons, and will not transfer the personal information to third parties, nor will they disclose them to third parties unless required by law.

How long are my personal data kept?

Your personal data are kept for as long as required by the nature of the service provided by the Doctor that you have chosen and additionally, for as long as the relevant legislation specifies.

What are my rights? What can I do if I have an issue with the processing of my personal data?

You have the right at any time to ask us what personal data of yours we process, for what purposes we do it, if we give it to third parties and to whom, as well as other related information. You also have the right to receive a free copy of your personal data after your request.

Other rights you have under the relevant personal data protection legislation include the right to request the update and/or correction of your data, the cessation and/or restriction of their processing, and their deletion from the Doctor's systems, provided that there is no other legal obligation for their retention. You also retain the right to data portability and/or to object to the processing of your personal data.

Specifically, regarding the newsletter service (“newsletter”), there is the possibility of unsubscribing (“unsubscribe”) by following the instructions included in each newsletter (“newsletter”), so as to stop the processing of personal data related to this service.

You can exercise all the above rights by submitting a written request to the address info@cityzenclub.net

For any issue you have regarding your personal data and/or for clarifications, you can contact the Data Protection Officer (“Data Protection Officer”) of the Doctor via e-mail, at the address info@cityzenclub.net or by phone at 2431-102386.

In any case, you have the right to address the competent Data Protection Authority (DPA) or/and to file a judicial appeal. Every request submitted should be accompanied by the appropriate proof of identification and provide the required information (e.g., the data that need correction), as described in the terms of use of the respective service. The Doctor may request the provision of additional information necessary for the confirmation of your identity.

The Doctor makes every possible effort to respond to your requests without delay and in any case within a month from their receipt. This period may be extended by two (2) more months, if necessary, taking into account the complexity of the request and the number of requests. You will be informed about this extension as well as the reasons for the delay within a month from the receipt of the request by the Doctor. If you submit the request by electronic means, the response will be provided, if possible, by electronic means, unless you request something different (e.g., written letter).

In any case, you can address the Data Protection Officer of the Doctor, the Data Protection Authority (DPA) or/ and file a judicial appeal, if you consider that the above rights have been violated.

Are my data safe?

The Doctor considers the privacy of individuals whose personal data she processes, whether they are clients, employees, or third parties, to be of utmost importance and makes every possible effort to protect them, both in terms of confidentiality/secrecy of the information and in terms of their integrity (not to be altered, not to be accidentally destroyed, etc.). In this context, the Doctor implements an Information Security Management System, which follows the best practices of international standards for the protection of personal data.

The Doctor takes all appropriate organizational and technical measures, designed to protect information from loss, misuse, unauthorized access, disclosure, distortion, or destruction, and ensures the fair and lawful collection and processing of personal data as well as their secure storage in accordance with the relevant provisions of both Greek and EU and international law regarding the protection of individuals from the processing of personal data, as well as the decisions of the Data Protection Authority, preserving the confidentiality and privacy of any information that comes to her knowledge.

In particular, this Policy takes fully into account the provisions and articles of Regulation (EU) 2016/679 of the European Parliament on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation” – “GDPR”) and continuously makes every possible effort to comply with it.

Access to the contact details of the visitors/users of the Doctor's Websites is restricted to authorized persons who are committed to maintaining confidentiality (employees, service providers) and is considered reasonably necessary to know this information to provide products or services to the visitors/users of the Websites or to perform their work.

How is my personal data collected and used on the Website?

The collection of personal data on this Website of the Doctor occurs in the following cases:

• When you request information about the health services provided by the Doctor through the Website.
• When you register and request to receive electronic correspondence or announcements/newsletters from the Doctor.
• ΜThrough the use of “Cookies” or similar technologies.

he personal data collected per case include, indicatively, the following:

• Subscription to a newsletter on a regular basis: email address. (“e-mail”).
• Management of the medical record of patients who have received health services from the Doctor: the entire set of personal data included in the medical record, including health data, medical examination results, doctors' opinions, financial data, etc.
• Entry of health data and receipt of information: Medical history details, contact information [email address, postal address, telephone, etc.]..
• Submission of queries related to health services associated with Medical Tourism: full name, age, health data/ medical history, contact information [email address, postal address, telephone, etc.li>
• Monitoring the smooth operation and improvement of the functionality and performance of the websites: Internet Protocol Address, browsing patterns on websites, information about the use of a website, geolocation data, HTTP protocol data, etc. These data are kept in an aggregated form so that, as far as possible, user identification is not feasible.

The collection and processing of personal data aim exclusively and only at:

• personalized information and provision of services,
• the provision of health services according to the preferences and characteristics of the user,
• communication with the user for reminders regarding scheduled receipt of services from the Doctor,
• the confirmation of the truth and accuracy of the user's details to avoid and verify cases of fraud,
• statistical analysis of the traffic and use of the Doctor's websites,
• satisfying the demands of users as well as direct communication to inform about new health services of the Doctor (provided that consent has been given by the users).

Further transmission to third cooperating entities will be made upon the request of the visitors/users themselves. The user's consent is explicitly requested after being informed about the purposes and legal basis for the use of personal data and constitutes a fundamental condition for any processing or transmission of the user's personal data.

What are Cookies & internet tags?

Cookies are small text files that contain information stored in the browser of the visitor/user's computer during browsing on the Website and can be removed at any time and do not have access to any document or file on the computer. The Doctor's Websites use cookies for the following purposes:

• For the smooth operation of the Websites, with the required speed.
• To recognize the device you use for your navigation on the Website, the browser, or/and the operating system you use, aiming to provide a personalized browsing experience or/and use of the Doctor's Websites.
• To store your settings during a visit or between visits (such as the username you have declared, the language you prefer, or the use of social networking media), so you avoid re-entering certain data.
• To improve the performance or/and security of the Website.
• To provide content based on your interests and needs.
• To analyze how you navigate or/and use the Website.

The Doctor does NOT use cookies in the following cases:

• For collecting personal data without your consent.
• For transmitting your data to advertising companies.
• For transmitting your data to third parties without your consent.

The types of cookies used by the Doctor's Websites are “persistent cookies” and “session cookies”. Also, some third-party services that are activated on the Websites, such as “social media buttons”, place their own cookies on your computer, which are not controlled by the administrators of the Doctor's Websites.

The session cookies used by the Doctor's Websites are deleted after your browsing ends or/and after closing the browser. Persistent cookies remain on your computer or other device until you delete them or until the cookie's predetermined period expires. You can set your browser in such a way that either warns you about the use of cookies in specific services of the Websites or does not allow the acceptance of the use of cookies in any case.

You can also delete the cookies from the computer or device you use, whenever you wish. However, it is noted that not accepting cookies or some of them may make some features of a website not fully available.

The Doctor's Websites also use “internet tags”. This method is used to measure the response of visitors to the Websites. The Doctor assures that through the “internet tags” and cookies, NO personal, identifiable information about the website visitors, such as names, addresses, email addresses, or phones, is collected or sought.

What applies to the Doctor's Website regarding children's personal data?

The Doctor commits not to process personal data from visitors/users of her Website under sixteen (16) years old without having previously obtained the consent of the person who has parental responsibility for the child (parent or guardian), through direct communication outside of electronic connection or through the internet. The Doctor will request the tangible proof of the relationship of the person having parental responsibility with the child and, if this happens, you can (according to applicable law) request that the personal data of the child be deleted. The Doctor further commits that no information campaign through social networking pages is addressed to minors (under 18 years old).

What applies to links (“links”) to other websites?

The Doctor's Websites may contain references through hyperlinks to other websites, for the content and services of which the Doctor bears no responsibility, nor guarantees for their continuous and secure accessibility. The Doctor should in no case be considered to accept or adopt the content or services of the websites of hyperlinks or to be connected with them in any way. Any problem that arises during the use of the aforementioned websites is the sole responsibility of the respective owner of that website. In the case of hyperlinks to other websites, the Doctor is not responsible for the terms of management and protection of personal data they follow. We use social media to present the work and services of the Doctor through widely used and modern channels. Our use of social media is specifically indicated on our Websites. For example, you can watch informative videos of health scientists who staff the Doctor's clinics, which we post on our personal page on “YouTube” and follow (from our Websites) our links to Facebook, Instagram, and LinkedIn.

The Doctor strongly encourages users to consult the corresponding policy of each third party (e.g., search engine service providers, social media service companies such as Facebook, LinkedIn, Twitter, etc.) to be informed about the practices they follow for the protection of their personal data.

What is SSL Encryption?

This website uses SSL encryption for security reasons and for the protection of the secure transmission of sensitive information, such as the queries you send to the Doctor as the Website Administrator. The encrypted connection can be recognized when the address in the browser changes from "http://" to "https://" and the lock symbol appears in the browser line. When SSL encryption is activated, then the information you send us is not visible to third parties.