Our Commitment to Personal Data Protection
The Microbiological Centre “Iatriko Kastorias”, based in Kastoria, is committed to providing high-quality healthcare services. Through continuous effort aimed at improving and upgrading its services, the Centre is firmly dedicated to respecting and protecting your rights in accordance with applicable personal data protection legislation.
We kindly invite you to take the time to review this document in order to understand the reasons for and the manner in which we process your personal data, in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR).
This Privacy Policy provides information regarding: the categories of personal data processed by Iatriko Kastorias, the legal basis for such processing, the retention period of your data, the recipients of your personal data, your rights in relation to the processing of your personal data, as well as the security measures implemented by the Microbiological Centre to safeguard your privacy.
Privacy Policy for Examined Individuals
The Microbiological Centre “Iatriko Kastorias” provides reliable, secure and effective healthcare services, exclusively in the field of laboratory diagnostics. Guided by the principles of medical ethics and human dignity, it has adopted all necessary technical and organisational measures to ensure the confidentiality and security of your personal data, in full compliance with applicable European and national legislation.
Personal Data We Process
In order to provide our services appropriately, we collect and process essential personal data, including identification details, billing and insurance information, as well as medical data, in particular data relating to your health status (e.g. laboratory test results and relevant medical history).
Should you voluntarily provide previous laboratory results or medical opinions for reference purposes, such data will be securely stored and processed solely for the purpose of delivering our microbiological services. If you voluntarily provide contact details of family members or close relatives, such information will be used only in cases where communication with you is not possible or in situations of emergency.
In the event that you visit Iatriko Kastorias following a referral from a private physician, we may inform the referring physician of your laboratory results, strictly when this is considered necessary for proper medical evaluation.
For further information regarding the personal data we process, please contact our Secretariat.
Legal Basis for Processing
The processing of your personal and medical data is necessary for the provision of our laboratory diagnostic services. The processing of basic personal data (such as name and contact details) is required for appointment scheduling and service delivery. The contractual relationship for the provision of healthcare services constitutes the legal basis for such processing.
Data Retention Period
We retain your personal data for a period of 10 years in accordance with applicable legislation. Upon expiration of our legal obligation to retain your data, we will either delete your data or proceed with its immediate anonymisation. Additionally, and as an exception, the Diagnostic Centre may retain your personal data for a period longer than 10 years, solely in cases where it is necessary to serve its legitimate interests, in order to defend itself against claims. In this latter scenario, you will be duly informed.
Recipients of Personal Data
Iatriko Kastorias may disclose your personal data, strictly limited to what is necessary, to the following categories of recipients:
Healthcare and technical service providers cooperating with the Microbiological Centre (such as IT support providers or laboratory partners), acting on behalf of the Centre and bound by strict contractual confidentiality and data protection obligations.
Third-party healthcare providers, only when:
required under an insurance contract,
necessary to protect your vital interests,
mandated by applicable law.
Third parties, following your explicit written request.
For further information regarding data transfers, you may consult our website or contact our Secretariat.
Please note that Iatriko Kastorias bears no responsibility for the processing of your personal data by third parties acting independently.
Your Rights
In accordance with data protection legislation, you have the following rights:
Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability
Right to object to processing
To exercise any of the above rights or to request further information, please contact our Secretariat.
Data Security
Our medical and administrative staff are appropriately trained and continuously educated to ensure the highest standards of service and data protection. The security of your personal data is a top priority. Data is stored securely either by the Microbiological Centre or by carefully selected service providers.
We apply strict technical and organisational security measures to protect your data against loss, misuse, unauthorised access or disclosure. These measures include role-based access control, pseudonymisation, encryption and other appropriate safeguards.
If you are not satisfied with the way your personal data is processed, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA). However, we kindly encourage you to contact us first so that we may address your concerns promptly and internally.