Notification to counterparties and third parties regarding the processing of their personal data

Home Notification to counterparties and third parties regarding the processing of their personal data

The company under the name “GENESIS – GENOMA PRIVATE DIAGNOSTIC LAD – GENETIC ANALYSIS GENETIC CLINIC AND RESEARCH PRIVATE LIMITED COMPANY”, having its registered seat in the municipality of Chalandri, Attiki (Leoforos Kifisias, number. 302, Postal Code 152 32) (the “Company”), pursuant to the General Data Protection Regulation (ΕΕ) 2016/679 (the “GDPR”), informs you about the following:

  1. Types of personal data processed: The Company processes personal data, in particular and as the case may be, of the following persons (“data subjects”): (a) adults; (b) infants which are being represented by the holders of the parental responsibility or the guardianship over them; (c) unborn or embryo, subject to the legislation; and (d) persons which are incapacitated and they are represented by their judicial supporter. The personal data which are being processed by the Company are inter alia and as the case may be: (1) their contact details (e.g. last name, first name, telephone (home phone number or cell phone number), address, town, Postal Code, country, email address), date of visit, ID or passport, date of birth, profession, insurance fund, details of private insurance, husband’s/ partner’s details (as per above where relevant), details of the person making the recommendation etc.); (2) data of special category, meaning, where relevant, genetic data, health data (medical history, relevant medication, etc.); and (3) payout information, including bank card/ account information, invoice and payment information etc. The disclosure of the above data constitutes a legal or contractual obligation of the data subject or a precondition for the conclusion of the contract. In case the data subject does not provide the above personal data, wholly or partly, the Company may not be able to provide its services.
  2. Source of personal data: The source of these data is, as the case may be, the natural person that discloses personal data of himself and/ or any third party, the holders of the parental responsibility, the guardian, where relevant, the judicial supporter, doctors, medical companies, health service providers, irrespective of their legal form, other professionals in the health sector, laboratories, andrology centres, medically assisted reproduction units, cryopreservation banks etc. In so far as the above persons disclose to the Company personal data of third parties, they are responsible for complying with the applicable data protection legislation. In this context, they may need to ensure that the data subjects have given their consent prior to the transmission of their personal data to the Company.
  3. Purposes of the processing of personal data: The purposes of the processing of personal data held by the Company are, as appropriate, the following: (a) the preventive or professional medicine, the medical diagnosis and the fulfilment of the Company’s obligations in general (e.g. arrangement of appointment etc.)[1]; (b) the protection of the fundamental rights and freedoms of the data subjects or of any natural person, if the data subject is legally or physically incapable of giving its consent[2]; (c) to ensure the Company’s legitimate interests[3]; (d) to assist public, administrative and Independent Authorities and for reasons which are deemed to be material for the public interest[4]; (e) the scientific survey and statistics purposes, which are not considered to be incompatible with the above initial purposes[5]; and (f) for direct marketing purposes (e.g. brochure or newsletter) via email. It is to be clarified that email contact details (email address or phone number for sms) which were legally obtained, in the context of the service provision or other transaction with the Company may under the law be used for this purpose, without prior consent being required[6].
  4. Recipients of personal data: The personal data may be transmitted, depending on the purpose of the processing and as the case may be, to authorised employees of the Company by department/ by service, medical staff, associate doctors and other partners, doctors/ companies involved in any way in the provision of these services and professionals in the health sector in general, collaborating laboratories, the Supervisory Authority, other Independent Authorities, Judicial Authorities, Public Services which have to be informed for purposes of public interest, private or public insurance companies, any representatives of the data subjects, provided that they are relevantly authorised, credit institutions, collaborating companies that the Company has contracted with and which process personal data on behalf of the Company (e.g. IT companies, operators of medical machinery, ΙΤ service providers etc.) and to their employees, in the context of their responsibilities and all being committed to confidentiality, to professional/ medical confidentiality and to the data protection legislation.
  5. Retention of personal data: The retention period of the above data is the time allowed or required by the applicable law according to the legal framework, depending on the nature of the service provided, taking into account the limitation period provided.
  6. Data subjects’ rights: The data subject has the following rights according to the GDPR: (a) to receive a copy of his personal data held by the Company, including information about the way of processing; (b) to request the correction of inaccurate personal data and, where applicable, to request the erasure or the restriction of processing, or otherwise to object to the processing of his personal data; (c) to object to the processing of his personal data. (d) to request the modification of his personal data; (e) to request the erasure of his personal data; (f) To request to receive a copy or to have a copy of his personal data transmitted to another company (data portability) (in a machine-readable format), when the processing is essential for the performance of the contract; (g) To lodge a complaint with the competent supervisory authority regarding the way that his personal data are being processed by the Company. If the data subject wishes to receive more information/ to be notified relating to the processing of his personal data or to exercise any of his aforementioned rights, he needs to send an email to the Data Protection Officer (DPO) solely and exclusively at the email address: dpo@genlab.gr, or to send a letter to the address of correspondence mentioned above, being explicitly excluded any other means of communication (e.g. fax, phone number).

[1] Legal basis: article 6, para. 1 subpara. (b), (c), (d), (e) and (f) and for the data of special categories article 9, para. 2 (h) of GDPR

[2] Legal basis: article 6, para. 1 subpara. (d) and for the data of special categories article 9, para. 2 (c) of GDPR

[3] Legal basis: article 6, para. 1, subpara. (b) and (f) of GDPR and for the data of special categories article 9 para. 2 (f) of GDPR

[4] Legal basis: article 6, para. 1, subpara. (c), (e) and (f) of GDPR and for the data of special categories article 9 para. 2 (f), (g) and (i) of GDPR

[5] Legal basis: article 6, para. 1, subpara. (f) of GDPR and for the data of special categories article 9 para. 2 (j) of GDPR

[6] Legal basis: article 6, para. 1, subpara. (a) and (f) of GDPR