This informative text provides to every person who receives or is interested in receiving medical services of E. Tzeranis Psychiatric Hospital SA a concise, accurate and transparent information on the terms and conditions that we collect and process your personal data.
Our Hospital reserves the right to modify and update this policy whenever it deems necessary and the changes in force take effect from their posting on our website www.tzeranis.gr and in our reception area.
I. PROCESSING MANAGER & PERSONAL DATA PROTECTION MANAGER
1. Who is the Processor:
Responsible for the processing of your personal data is the company with the name “Neuropsychiatric Eleftheriou Tzerani Hospital “SA”, located in Nea Penteli on Penteli Avenue no. 1, 15236, in Greece, with TIN: 094355820 and Tax Office of Athens, Tel. & Fax: + 30 2108044340.
2. Contact with the Company’s Personal Data Protection Officer.
You can contact the Company Data Protection Officer (DPO) at email email@example.com and at 210 8047624 3.
3. Questions and Comments
You can contact us at the contact details listed above and submit them to us your comments, questions, comments or any complaints regarding this Policy and the general collection and processing of your personal data.
II. DATA COLLECTION AND PROCESSING
Personal data or information of a personal nature means any information concerning an identified or identifiable natural person (‘data subject’). The identifiable natural person is the one whose identity can be verified, directly or indirectly. This data does not contain data that is anonymous.
1. What data do we collect about you and how do we collect it?
E. Tzeranis Psychiatric Hospital for the purposes of conducting its business activities collects and processes different categories of personal data. This data is collected in electronic form, in printed form, in combination with the above as well as in the form of video recordings from security cameras in specific areas that have been deemed necessary for patient safety reasons. According to article 4 par. 7 of the GPD our Hospital as Head of Processing determines both the purpose and the way of processing the personal data, for purposes that are related to specific areas of its business activity.
For the purpose of providing health services we collect the following categories of data:
– Contact details: name, home address, e-mail, home phone, mobile phone, name and contact details of the patients’ attendants or relatives.
– Demographics and identity data: date of birth, identity card number, passport number, TIN, AMKA, details of the financially liable for the hospitalization.
– Personal data of special category: medical history, duration and dates of hospitalization of the patient in the clinic, previous hospitalizations, diagnosis, records of his health, medication, results of laboratory tests, observations of the doctor and psychologist who monitors the patient.
– Data related to the processing of financial transactions: bank account number, credit or debit card details. Personal data is obtained in the following ways: – orally on arrival / admission of patients from the Patient Movement Office or the doctors of the hospital
– by completing the documents that are intended to be the medical file of the patients with data provided by the patients and data obtained from the examination of our doctors as well as the results of the diagnostic examinations of the patients.
– by persons accompanying patients or having a legal right to act on your behalf.
Also, our Hospital, in order to ensure the safety of the mentally ill patients, has installed a video surveillance system in specific areas where patients coexist. The installation locations of the cameras have been identified with the criterion of data collection which is absolutely necessary for the purpose of processing without affecting the fundamental rights of sick relatives and employees. Simple videotaping is done without recording and the Hospital has placed the necessary markings.
Health Services Sector
The doctors of our Hospital, in order to provide a thorough psychiatric care and treatment, create the individual medical file of each patient, which contains information that is recorded in each contact of our patients with any health professional of our hospital. The medical record will support the medical assessment, diagnosis and treatment of our patients. In the second stage it will allow the continuation of the provided health care, the clinical exchange of information. The information entered in the patient’s personal file is sensitive personal data and is covered by medical confidentiality. The authorized health professionals of our hospital can access the patients ‘health file and make use of the information it contains, only for the needs of the patients’ treatment and only in case this access is directly related to the fulfillment of their duties or provided for by law.
The Administration Office of the hospital receives knowledge of the personal data of patients for the needs of performing our administrative and financial functions. Specifically, these data will allow the pricing of services and the submission of medical records to the competent insurance companies in order to reimburse the costs of medical treatment. The health data or other elements of your medical record that may come to the knowledge of the employees in the Administration Office are limited in scope and extent according to their responsibilities and remain confidential. The staff of the Hospital is committed to maintaining the confidentiality, confidentiality and confidentiality of information obtained from both the Code of Conduct and through its employment contracts that include special conditions of confidentiality.
Administrative and Financial Sector
In order to comply with the requirements of tax and insurance legislation, the staff of the Administrative and Financial Services processes and stores personal data of its suppliers and associates.
For this purpose we collect the following data:
– Contact Information: name, home address, personal e-mail, home phone, cell phone.
-Demographics and identity: date of birth, card number ID, TIN, AMKA.
– Professional details: occupation category, salary, previous service
– Data regarding the processing of financial transactions: bank number account, credit or debit card details.
The personal data of our employees, suppliers and partners are obtained in the following ways:
– Information given by employees orally or in writing during their recruitment process
– Contracts signed between the two parties.
Contact form of the Clinic website.
The website of the clinic www.tzeranis.gr, gives the opportunity to its visitors to contact the clinic, by filling in the relevant contact form their name and email. These data are not used for any other purpose, except the communication of the hospital with the specific visitor who filled in the contact form.
III. Purposes of processing personal data
E Tzeranis Hospital collects and processes your personal data in order to:
– Provides you with integrated health services within our contractual relationship
– To pursue his legal interest
– To safeguard the vital interest of his patients in receiving these services
– May comply with its legal obligations
Our Hospital does not share your data with third parties. Exceptionally, we may share your information with third parties only if required by law, namely:
– When an infectious disease can endanger the safety of others.
– When a formal court decision has been issued.
– When required by the competent prosecutorial or prosecuting authorities. – When you give us an explicit order and authorization to do so (eg, in case you wish to be reimbursed for your medical expenses by your insurance company and / or your insurance company)
. – The observance of our legal obligation (eg the collection of receivables through third parties).
– Upon receipt, after detailed information, of an explicit signed order and authorization regarding your participation in research protocols or data collection for clinical research purposes. Your participation in such surveys is completely optional on your part and your consent can be revoked at any time.
IV. Recipients of personal data
The E. Tzeranis Psychiatric Hospital defines as recipients of the personal data that it collects and processes the following categories of natural or legal persons and to the extent it deems necessary:
– Public and Private Health service providers.
– Public Social Insurance Organizations / Social Security / Health Funds.
– Insurance companies.
– Supervisory Authorities and
– Organizations under the responsibility of the Ministry of Health.
– Tax and Insurance Authorities
V. Legal bases for processing
The execution of the contract between us: the provision of preventive or occupational medicine services, ability to work, medical diagnosis, provision of health or social care or treatment or management of health and social systems and services to you is the primary legal basis for the processing of your personal data, as well as your health data, which
sensitive personal data.
– The legitimate business interest: to manage and protect our business, the mediation, exercise or support of legal claims or court defense of the Hospital.
– The observance of a legal obligation with which we are committed: in the context of its activities the is obliged to process your personal data in order to comply with its obligations arising from the law, such as for example the keeping of financial data of transactions for tax purposes
– The explicit consent of the patient or his relative which is legalized in cases where the patient is unable to give his consent:where required for data transfer to bodies or any third party, as well as in cases of participation in scientific research programs or for statistical purposes which are proportionate to the objective pursued.
– The protection of the vital interests of the patient or other natural person if the patient is physically or legally unable to consent.
– Ensuring the public interest in the field of public health, such as protection against serious cross-border health threats or ensuring high quality and safety standards healthcare and medicines or medical devices.
V. Execution of personal data processing by third parties
The Tzeranis Psychiatric Hospital in the context of the provision of high quality services, has commissioned its partners in the provision of specific services. These partners act as executors of processing and cover the following cases:
– External Accountant, in order to properly maintain the books and records of the Hospital and the full compliance with its tax and insurance obligations.
– Computer Companies, which have undertaken the maintenance and upgrade of the software used by the company.
– ISO organization, which controls and certifies the high level of health services offered by hospital.
The Hospital, recognizing its responsibility as the controller for the selection of (Article 28 (1) of the GIP), cooperates with bodies that provide adequate certificates for the implementation of appropriate technical and organizational measures to ensure that the processing meets the to ensure the protection of the data subject’s rights.
Also in all cases, in accordance with the provisions of Article 28 para. 3 of the GCP, edited by the processor is governed by a contract which binds the processor in relation to him controller and determines:
– the object, the duration, the nature, the purpose of the processing
– the type of personal data
– the categories of subjects and
– the obligations and rights of the controller.
VI. How long do we keep your data?
At E Tzeranis Hospital we keep your personal data only for the period that is necessary. The Code of Medical Ethics (L3418 / 2005) provides for the observance of data concerning health for twenty years since the last visit or hospitalization to our hospital. In some cases this period of time may be extended due to the nature of the incidents that our hospital accepts as such to have all the details of your previous hospitalizations to facilitate the provision of more complete services to our patients. In any case, the personal data of the patients are kept for two years after the death of the patient or from the moment we are informed about it.
Tax and insurance data are maintained in accordance with tax and insurance legislation.
VII. Protection measures
At E. Tzeranis Therapeutic Center SA we take every reasonable technical and organizational measure and precaution to protect and safeguard your personal data in order to securely process your personal data and prevent accidental loss or destruction and unauthorized and / or unauthorized access to their use, modification or notification. We have properly trained our staff and created the necessary levels of security measures such as specific policies and procedures, role-based access management, password controls, network security controls, business partnership measures. incident management.
– The GCC has a specific provision for safeguarding the rights of patients, their relatives and workers. whose personal data is collected and processed by our Hospital. Specifically the following rights are observed: Your Rights in relation to your personal data Information on the details of the controller and the data protection officer, the purposes and legal basis of the processing, the recipients / categories of recipients of the data and their rights as provided for in the GCC (Article 13).
– Access to your personal data, how it is processed, the purposes of processing recipients, information on their origin. It is also planned to receive copies in hard copy or in electronic form (Article 15).
– Correction / Modification / Update of personal data. (Article 16)
– Request the deletion of your personal data (Article 17).
This right does not really apply to the processing of data in the field of health care because the controller is not obliged to accept the request if the processing is deemed necessary
– for compliance with legal obligation reasons
– of public interest in the field of public health
– archiving purposes in the public interest, for scientific research purposes, or
– for statistical purposes to establish, exercise or support legal claims.
– Restriction of processing (Article 18)
– if question the accuracy of the data (and until verified)
– only part of the data is now required for processing purpose
– you have exercised the right to object to the processing and until it is confirmed that the legal the reasons for which we are processing outweigh the reasons for the subject
– you want to restrict the use of data and not delete it.
– Data portability. Our patients and staff have the right to receive the data concerning them in a structured and widely used electronic format. form. They may also request that such data be transmitted directly to another processing (Article 20).
– Opposition to the processing of simple personal data, if they are substantial conditions for its application (Article 21). However the right of objection cannot be applied to cases of processing of sensitive personal data, such as data relating to which are processed on the basis of Article 9 para. 2 items (h) of the GCC.
Our Hospital as a Head of Treatment will try to respond to the request as much as possible quickly and in any case within one month of receipt of the request. If your request is too- plot or we have to satisfy more requests then this deadline can be extended for two still months. In this case you will be informed about it.
You can contact the Data Protection Officer (DPO) at firstname.lastname@example.org or at 210 8047624
IX. Right of complaint.
In case of violation of your personal data you have the right to file a complaint to the Authority Personal Data Protection (www.dpa.gr): Call Center: +30 210 6475600, Fax: +30 210 6475628, E-mail: email@example.com.