ARTHROSIS SA is strongly committed to protecting your privacy. Both personal and non-personal information collected is safeguarded according to high privacy and data protection standards.
This Privacy Policy is meant to inform you about ARTHROSIS’ data processing due to its business activity (hardcopy and online), including personal data or personal information that ARTHROSIS may collect during the visit of the website “http://www.arthrosis.gr”, in accordance with Regulation EU 2016/679 (hereinafter Regulation) and describes how ARTHROSIS collects, uses and protects your personal data as well as your rights.
Definitions
PERSONAL DATA means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number.
SPECIAL CATEGORIES OF PERSONAL DATA (sensitive data) means the data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health or data concerning a natural person’s sex life or sexual orientation.
DATA CONCERNING HEALTH means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
PROCESSING means collection, recording, organizing, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination.
CONTROLLER means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data.
PROCESSOR means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
RECIPIENT means the natural or legal person, public authority, agency or another body, to which the personal data are disclosed.
SUPERVISORY AUTHORITY means an independent public authority which is established by each Member State. In Greece is the Hellenic Data Protection Authority (HDPA).
CONSENT OF THE DATA SUBJECT means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Principles relating to processing of personal data
According to the Regulation, every company shall
- collect the personal data lawfulness and fairness
- keep only the needed data
- keep data secure
- store data only for as long as necessary to fulfill the respective purpose for which they are collected and processed
- inform data subjects, when necessary
- use appropriate technical and organizational measures in order to ensure appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage and
- be able to demonstrate its compliance with Regulation.
Policy purposes
This Policy has been compiled to better provide you with information concerning the collection and procession of personal data, such as the kind of personal data collected, for how long and for what purpose. Τhis policy applies to the visitors of our website “http://www.arthrosis.gr”, too.
With regard to our employees (candidates, staff members and former employees), ARTHROSIS applies a separate policy (EMPLOYEES’ DATA PRIVACY POLICY).
Privacy Policy
- A) The legal basis for the processing
– the compliance of our company with a legal obligation, in particular legislation on medical devices and human tissues,
– the fulfillment of our contractual obligations,
– the proper operation of our company,
– the satisfaction of data subjects’ information and communication requests.
– the protection of our staff, facilities and equipment and
– the fulfillment of our contractual obligations towards third parties, such as product manufacturers.
- B) What Personal data we collect and how we process them
The Personal data that ARTHROSIS processes are:
- healthcare CARE professionals’ (Name, Surname, Social Security number, Specialization, Employer, Professional title/ Αcademic degree, contact address, E-mail, Telephone number / Mobile phone)
- PATIENTS’ (Name, Surname, Telephone number, VAT / ID, contact address)
- supplierS or EXTERNALS (Name & Surname or name of the company, contact address, Telephone number, VAT, FAX, E-mail, contact persons)
- WEBSITE VISITORS (the technical necessary information for the connection to the website, for the installation of which the consent of the subject is not required (see COOKIES POLICY) and name & e-mail at the request of the guest)
- C) Processing purpose
– Grant of Health Care Professionals participation.
– Information, promotion and commercial communication of our products and services.
– Information provided to Health Care Professionals for scientific events, conferences or seminars.
– Execution of an order or contract.
– Fulfillment of our legal obligations towards the Social Security Organizations, Private or Public Hospitals and Clinics.
– Our compliance with medical devices and human tissues legislation (eg adverse reactions).
– Compliance with manufacturer’s requirements.
– Fulfillment of our obligations in general.
– Fulfillment of our goals.
– Reply to Suppliers, Customers (including Patients) and Partners.
In all cases, personal data are submitted to our Company voluntarily by the subjects themselves or through their representatives.
– communication with our website visitors
- D) Period of time for which your data is stored
Your data will be only stored for as long as necessary to fulfill the respective purpose for which we collect them in accordance with the Regulation.
- E) How ARTHROSIS processes your personal data
Furthermore, the processing of the data is done both on printed and electronic means and is recorded in the Company’s corporate system in accordance with applicable laws – including provisions on data security and confidentiality and in accordance with the principles of fairness and lawful processing.
- F) How ARTHROSIS discloses your personal data
Your personal data are processed by authorized officials. ARTHROSIS further may share your data with other partners, such as law firms, insurance companies, PCOs, Notified Bodies, or public service and information systems, as EOF, EOM, banks and insurance funds, as part of our compliance with external and internal regulations or where otherwise required by law.
In the context of the Company’s business activity, personal data may be disclosed to suppliers or externals of the Company. However, in this case, legal or natural person will process such data only for the purpose of providing the services to the Company and not for their own benefit, acting as processors and having committed themselves with a Statement of Confidentiality.
Exceptionally, personal data may be disclosed to third parties (police and prosecuting authorities), only if there is a statutory obligation or by a judicial authority.
- G) Transfers of personal data to third countries or international organizations
ARTHROSIS doesn’t transfer personal data to third countries or international organizations. In any case of transmission outside of the European Economic Area, ARTHROSIS will obey the Regulation.
Rights of the data subject
The data subject has the right to obtain from ARTHROSIS confirmation as to whether or not his or her personal data are being processed by this company and have access to them.
The data subject may at any time contact the Company, and in particular the Internal Data Protection Officer (telephone number: +30 210 2841006 & e-mail: iso.dpt@arthrosis.gr), to exercise the rights provided for in the General Data Protection Regulation (Articles 15-22), such as access to personal data (in order to know the purposes of the processing and the recipients of the data), the verification of the content, its origin, accuracy and location, the obtaining of a copy, updating or modification of the data, in the cases stipulated by the law, the request for definition of the data, the request for deletion of data etc. These rights are, in principle, exercised at no cost to the underlying.
In addition, if you (the data subject) have given explicit consent to the processing of your personal data for one or more specified purposes, you may withdraw your consent at any time by a simple revocation statement (contact phone number: +30 210 2841006, e-mail: info@arthrosis.gr, address: Parnithos 44, Metamorfossi, Athens).
Finally, at any time you have the right to submit directly a complaint to the Hellenic Data Protection Authority (HDPA) (www.dpa.gr).
Security Measures
ARTHROSIS uses several measures and security technologies, in order to ensure appropriate security of your personal data against unauthorized access, processing, disclosure, destruction or damage in accordance with all applicable laws on personal data protection and privacy, such as: pseudonymisation, data encryption, firewalls, data protection by design or by default, as well as organizational measures such as: severe system access policies, statements of confidentiality for employees, suppliers and externals, personnel training procedures, periodical internal audits, etc.
ARTHROSIS’ website is not intended for or designed for individuals under the age of 18.We do not knowingly collect personal information from any person under the age of 18.
Links to Third-Party Websites
As a convenience to our visitors, ARTHROSIS’ website may contain links to other sites owned and operated by third parties that we believe may offer useful information. The policies and procedures we describe here do not apply to those sites. We are not responsible for the collection or use of personal information at any third-party sites. Therefore, we disclaim any liability for any third-party’s use of personal information obtained through using the third-party website. We suggest contacting those sites directly for information on their privacy, security, data collection and distribution policies.
We reserve the right, in our sole direction, to modify or update this Policy at any time.