"LIAPOPOULOU-MEDICAL SUPPLIES SA" attaches particular importance to security and respects the privacy and confidentiality of your personal data. For this reason, we invest time and resources to protect your privacy. In this effort, we are in a constant process of information and education, so as to fully comply with the applicable national, European and international legal framework and in particular with the General Data Protection Regulation 679/2016 of the European Union. Purpose of this policy We wish to inform you about the way in which our customers' personal data is collected, stored, used and transmitted, the security measures we take to protect your personal data, the reasons and the period for which they are stored, but also about the type of personal data collected. It concerns any act or series of acts performed with or without the use of automated means, on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, information search, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction. This Policy is updated periodically and may be modified whenever deemed necessary, without prior notice, always within the applicable legal framework and in accordance with any changes in the applicable legislation on the protection of personal data. We therefore recommend that you check this Policy at regular intervals in order to be informed of any changes that have been made. What is personal data? Personal data is any information that concerns a specific natural person or a person whose identity can be verified (e.g. name, identity number, address, etc.). Data concerning health (physical or mental condition, receipt of medical services, etc.) are included in the general term personal data but constitute a special category of data. The Company will not process your personal data without your consent. However, the Company reserves the right, in exceptional cases, to process your personal data to the extent permitted or required by law, and/or by court decisions or prosecutorial orders/provisions. How is personal data collected? Your personal data is collected in the following ways: (a) you provide it to us when the Company provides medical services to you or a person you accompany, when you contact us in order for you or a third party to receive medical services, when you submit a job application to the Company, when you fill out electronic forms or send an e-mail (“e-mail”), in order to obtain information or use the services available on the Company’s website www.medihome.gr. (b) automatically through the browser or mobile device you use to access our Website. (c) it is provided to us by a third party partner of ours after you have given your consent (e.g. insurance company, your treating physician). When registering for a service provided by the above website, you will need to fill in some fields as well as choose a username and password. In cases where your consent is required for the collection of your personal data, such as for receiving a newsletter on a regular basis, this is explicitly requested from you and you have the right to withdraw it at any time. What type of personal data is collected? In summary, the personal data collected and further processed include: – your name, address and generally your contact details (including email address and telephone number), yours or those of your relatives, – health data regarding the medical or nursing services provided by the Company or health data for medical services that were not provided by us but were reported to us either by you or by third parties – information that you give us for our payment, such as bank card information – other information derived from the use of the website and other digital platforms that we use for the purpose of informing you about the following services provided by the Company through its website and/or your registration in one or more of them: • Receiving a newsletter (“newsletter”) on a regular basis. • Receiving electronic mail or announcements/news correspondence. • Managing your medical file, if you have received services from us. • Registration of health data and receipt of information. In addition to the above data that you provide us, technical information that constitutes personal data may be collected, such as the Internet Protocol address (“Internet Protocol address”) of your device [e.g. computer, laptop computer (“laptop”), tablet computer (“tablet”), smart phone (“smartphone”)]. This technical information is used for the smooth operation and performance of websites and electronic services, and is not permanently stored in our infrastructure. More details regarding the technologies used on our websites (“cookies”, “internet tags”, etc.) are set out in the Company’s Privacy Policy (see below under chapter 2.). What principles govern the processing of personal data by the Company? The Company processes your personal data in a fair and lawful manner for clearly defined purposes referred to in this Policy. Your personal data processed by the Company are limited to what is strictly necessary to achieve these purposes, are accurate and up-to-date, are kept for a period determined by the purposes of the processing, are protected by adequate security measures and are not transferred to countries that do not ensure a satisfactory level of protection. Who collects the personal data and for what purpose? Are they transferred to third parties? Personal data are collected and processed by the Company's authorized employees per service, for the sole purpose of providing the service in question. They are only transferred to authorized third parties who are bound to maintain confidentiality, when they are required to have access in the context of providing the services in question (e.g. EOPYY). Upon your instruction, your personal data may be transferred to third parties. The Company undertakes not to market your personal data by making them available for sale/rent, giving them/transferring them/publishing or disclosing them to third parties or using them in any other way and for other purposes that may jeopardize your privacy, rights or freedoms, unless required by law, a court decision/order, an administrative act or if it constitutes a contractual obligation necessary for the proper functioning of the Company's Website and the performance of its functions. Personal data may be transferred to partners or third parties, complying with the terms of this Policy and bound to confidentiality, who act on our behalf for further processing for the purpose of providing services, evaluating and improving the functionality of the website, marketing purposes, data management and technical support, only after the user has been informed in advance and his consent has been obtained. These third parties have contractually committed to us that they will use the personal data only for the above reasons, and will not transfer the personal information to third parties, and will not disclose it to third parties unless required by law. How long are my personal data kept? Your personal data are kept for as long as required by the nature of the service provided by the Company that you have chosen and, in addition, for as long as the relevant legislation specifies. What are my rights? What can I do if I have an issue with the processing of my personal data? You have the right at any time to ask us what your personal data is that we process, for what purposes we do it, whether we give it to third parties and to whom, as well as other relevant information. You also have the right to receive a free copy of your personal data upon request. Other rights that you have under the relevant legislation on the protection of personal data include the right to request the updating and/or correction of your data, the cessation and/or restriction of their processing and their deletion from the Company’s systems, provided that there is no other legal obligation to maintain them. You also retain the right to portability and/or objection to the processing of your personal data. In particular, with regard to the newsletter service, you have the option to unsubscribe by following the instructions included in each newsletter, in order to stop the processing of personal data related to this service. You can exercise all of your above rights by submitting a written request to the address dimitraliapopoulou@medi-home.gr. In any case, you have the right to contact the competent Authority for the Protection of Personal Data (APDPH, www.dpa.gr) and/or to file a legal complaint. Each request submitted must be accompanied by appropriate proof of identification and the required information (e.g. data requiring correction) must be provided, as described in the terms of use of the respective service. The Company may request the provision of additional information necessary to confirm your identity. The Company makes every effort to ensure that your requests are answered without delay and in any case within one month of their receipt. This deadline may be extended by two (2) more months, if necessary, taking into account the complexity of the request and the number of requests. You will be informed of this extension as well as the reasons for the delay within one month of the receipt of the request by the Company. If you submit the request by electronic means, the response will be provided to you, if possible, by electronic means, unless you request something different (e.g. a written letter). In any case, you can contact the Group's Data Protection Officer, the Personal Data Protection Authority (PDPA) and/or file a legal complaint if you believe that your above rights have been violated. Is my data safe? The Company considers the privacy of the persons whose personal data it processes to be extremely important, whether its customers, employees or third parties, and makes every effort to protect them, both in terms of the confidentiality/confidentiality of the information and its integrity (not to be altered, not to be destroyed by mistake, etc.). The Company takes all appropriate organizational and technical measures, designed to protect information from loss, misuse, unauthorized access, disclosure, distortion or destruction and ensures the fair and lawful collection and processing of personal data as well as their secure storage in accordance with the relevant provisions of both Greek and EU and international law regarding the protection of individuals from the processing of personal data, as well as the decisions of the Personal Data Protection Authority, preserving the privacy and confidentiality of any information it comes to its knowledge. In particular, this Policy takes full account of the provisions and articles of Regulation (EU) 2016/679 of the European Parliament on the protection of natural persons with regard to the processing of personal data and on the free movement of data (“General Data Protection Regulation” – “GDPR”) and constantly makes every effort to comply with it. Access to the contact details of visitors/users of the Company's Website is limited to authorized persons who are bound to confidentiality (employees, service providers) and are reasonably considered to need to know this information to provide products or services to visitors/users of the Website or to perform their work. How is my personal data collected and used? Personal data is collected on the Company's Website in the following cases: – When you request information about the health services provided by the Company through the Website. – When you register and request to receive electronic mail or announcements/news correspondence from the Company. – When you register and use the services of the Company's Website. – When you voluntarily participate in the Company's health services and health programs. – By using “Cookies” or similar technologies (see the next question below for more details). The personal data collected on a case-by-case basis include, but are not limited to, the following: – Receiving a newsletter (“newsletter”) on a regular basis: e-mail address (“e-mail”). – Registering health data and receiving information: Medical history data, contact details [e-mail address (“e-mail”), postal address, telephone number, etc.]. – Monitoring the smooth operation and improving the functionality and performance of the website: Internet Protocol address (“Internet Protocol address”), browsing patterns on websites (“browsing patterns”), information regarding the use of a website, browser history (“browser history”), geolocation data (“geolocation”), HTTP protocol data, etc. This data is kept in an aggregated form so that it is not possible to identify users as much as possible. The collection and processing of personal data is intended solely and exclusively for the following purposes: – personalized information and provision of services, – provision of health services according to the preferences and characteristics of the user, – statistical analysis of traffic and use of our website, – satisfaction of user requirements as well as direct communication for the purpose of information on new health services of the company (provided that consent has been provided by the users). Further transmission to third-party cooperating bodies will be made at the request of the visitors/users themselves. The user's consent is expressly requested, after being informed of the purposes and legal basis for the use of personal data and is a basic requirement for any processing or transmission of the user's personal data. What are Cookies & internet tags? Cookies are small text files containing information that are stored in the browser of the visitor/user's computer while browsing the Website and can be removed at any time. The Company's Website uses cookies for the following purposes: – For the smooth operation of the Website, at the required speed. – To identify the device you use to navigate the Website, the browser and/or the operating system you use, in order to provide a personalized navigation experience and/or use of the Company's Website. – To store your settings during a visit or between visits (such as the username you have declared, your preferred language or the use of social media), so that you avoid having to re-type certain data. – To improve the performance and/or security of the Website. – To provide content based on your interests and needs. – To analyze the way you browse and/or use the Website. The Company DOES NOT use cookies in the following cases: – To collect personal data without your consent. – For the transmission of your data to advertising companies. – For the transmission of your data to third parties, without your consent. The types of cookies used by the Company's Website are “persistent cookies” and “session cookies”. Also, certain third-party services that are activated on the Website, such as “social media buttons”, place their own cookies on your computer, over which the administrators of the Company's Website do not have control. The session cookies used by the Company's Website are deleted after the end of your browsing session and/or after closing the “browser”. Persistent cookies remain on your computer or other device until you delete them, or until the time period specified in the cookie. You can configure the server (browser) you use in such a way that it either warns you about the use of cookies in specific services of the Website, or does not allow the acceptance of the use of cookies under any circumstances. More information about the general use of cookies and methods for blocking or restricting them can be found on the websites http://cookiepedia.co.uk/all-aboutcookies and http://www.allaboutcookies.org/. You can also delete cookies from your computer or device at any time. However, please note that by not accepting cookies or some of them, some of the features of a website may not be fully available. The Company's Website also uses “internet tags”. This method is used to measure the response of visitors to the Websites. The Company assures that, through “internet tags” and cookies, personal, identifiable information about website visitors, such as names, addresses, email addresses or telephone numbers, is NOT collected or sought. What applies to the Company's Website regarding children's personal data? The Company undertakes not to process personal data from visitors/users of its Website under the age of sixteen (16), without having previously obtained the consent of the person who has parental responsibility for the child (parent or guardian), through direct communication, outside of an electronic connection or via the internet. DISCLAIMER The texts included on the MediHome site are purely informative and under no circumstances can they be considered medical prescriptions or as a substitute for the opinion of a doctor.