Personal Data Protection Policy - ΠLATON ΔΙΑGNOSIS

1.1 “PLATON” services

The name PLATON covers a group of companies comprising the most reliable and specialised diagnostic laboratories in Thessaloniki, with 22 years of experience, aiming at the smooth processing of all clinical or diagnostic tests and the provision of a range of health services, creating a friendly atmosphere for visitors and respecting their concerns.

PLATON MEDICINE S.A. has its headquarters on 37 John Kennedy Ave., 55535 Pylaia, Thessaloniki and has branches in Athens as well as in other parts of Thessaloniki and GEORGAKARAKOS S.A. & CO LIMITED PARTNERSHIP “PLATON” has its headquarters in 34 K. Karamanlis Street, Kalamaria, Thessaloniki, while operating as a group of companies.

The above legal persons under the common name “PLATON”, as joint controllers of personal data and in order to fulfil their mission, determine the purposes and way of the processing of such data in accordance with Regulation 679/2016/EU on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR”), Law 4624/2019, Law 3471/2006 and the applicable legislation in general.

This website provides:

information on the medical – diagnostic services provided by the “PLATON” group;
the ability to communicate with our diagnostic centres and service facilities;
the ability to inform the persons tested regarding the results of their medical tests; and
the possibility of submitting a curriculum vitae in order to find a job in the context of the group’s business activity.

1.2 Key articles

Article 1: Scope and purpose of this Personal Data Protection Policy

The scope of this Policy is the definition of the basic principles and rules according to which the “ΠLATON” group collects and processes personal data, as such data are defined by the applicable legislation.

Article 2: General principles of processing

The “PLATON” group undertakes that the personal data processed by it:

I. Are collected in a legitimate and lawful manner.

II. Are processed only for the purpose already notified to the data subject and/or imposed by the obligation to comply with a legal provision. III. Are appropriate, relevant and not excessive in relation to the specific purpose for which they are used.

IV. Are kept accurate and up-to-date.

V. Are retained only for the time necessary to fulfil the purpose of their collection.

VI. Are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The “ΠLATON” group must ensure that the data subject has the right to restrict the processing of personal data in the event that:

i. The accuracy of the personal data is contested by the data subject, for a period that allows the “ΠLATON” group to verify the accuracy of the data.

ii. The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.

iii. The “ΠLATON” group does not need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.

iv. The data subject has objected to the processing of his/her personal data pending the verification whether the legitimate grounds of the controller override those of the data subject.

Article 3: Principles of processing

Personal data shall be processed in accordance with the principles of legality, objectivity and transparency, taking into account any additional restrictions imposed by the purpose of the processing. Below is a summary of the basic principles, as derived from the General Data Protection Regulation:

(1) Principle of Legality, Objectivity and Transparency

The data are processed lawfully, fairly and in a transparent manner in relation to the data subject. Transparency requires that the information provided to the subject should be concise, easily accessible and comprehensible in clear and plain language.

(2) Principle of Purpose

The purpose is an essential element of the right and is used to assess the other principles. The data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

(3) Principle of Proportionality

The data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

(4) Principle of Accuracy – Updating

The data are accurate and updated as necessary. In addition, reasonable measures shall be taken to promptly delete or correct the data. Subjects are given the opportunity to correct their data.

(5) Principle of Limited Storage Period

The data shall be kept only for the period necessary for the purposes of the processing.

(6) Principle of Appropriate Security

Personal data are processed in a manner that ensures their appropriate security, their protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

(7) Principle of Accountability

The “PLATON” group is responsible for and must be able to demonstrate compliance with the principles governing the processing of personal data.

Article 4: Categories of personal data and purposes of processing conducted through the website

During your visit to the “PLATON” group website, the following categories of personal data are processed for the purposes stated according to the respective legal basis of processing noted in each case:

Personal data	Processing purpose	Legal basis for processing
Device data Device ID, operating system and version that the device is running, or other user device and navigator (browser) IDs.	Logging in to the webpage	Legitimate interest
Login details Time, date, duration of the visit, user location origin, IP address and other connection protocol related information.	Logging in to the webpage	Legitimate interest
Name, email, contact phone, personal information included in the message of the person requesting contact	Contact with you through the relevant section of our website	Consent
Name, email, CV details	Searching for a job in the “PLATON” group	Consent Legitimate interest

Please note that for receipt of the results of medical – diagnostic tests online, a link to the Patient Link service platform is provided via our website; via this link the requesting visitor is transferred to the https://www.patientlink.eu/ page, where the company’s specific protection policy applies.

Article 5: Social Networks

The “PLATON” group has official accounts on the following social media: Facebook, Linkedin, Twitter

With the help of each of the above platforms we collect and process certain data of their users (such as their user name). The purpose of processing the set of data we collect, whether anonymised or not, is to provide updates about our content or to communicate with them in response to messages sent to us, and the legal basis for the processing is their consent. The visitor – user of our social media pages provides consent by liking or following our pages and can withdraw consent equally easily, in exactly the same way (unlike, unfollow). The consent given in the manner described above implies acceptance of our data protection policy, which is displayed in a visible and easily accessible place on the relevant page. If the visitor – user of our social media pages does not agree with our policy, they must withdraw their consent in the appropriate way (unlike, unfollow). The “ΠLATON” group is not responsible for the way or the means of user data processing by each of the above platforms. You can find out more about their policies, specifically for Facebook: here and here, for Linkedin here and for Twitter: here and here

Article 6: Cookies

On our website https://www.platonae.gr/ we use cookies in order to provide the best possible experience of using the website.

We consider the protection of personal data to be particularly important and we want to ensure that visitors are fully informed about the specific issue of the use of cookies on our website.

Cookies are small files with information that a website (in particular the webserver) stores on a user’s computer, so that every time the user logs on to the website, the latter can retrieve that information and offer related services to the user; read more here

https://www.dpa.gr/portal/page?_pageid=33,146950&_dad=portal&_schema=PORTAL .

In particular, we use the following categories of cookies:

a) Essential cookies: These are required in order to navigate the website or application, as well as to use the functions it provides. Without the use of such cookies, the proper operation of the website is not guaranteed (e.g. text entry), even while browsing various pages on the general website.

B) Functionality cookies: These allow a website/application to store information that has already been submitted (user name, language choice, or the user’s region) and improve the user’s ability to enjoy personalised browsing. These cookies collect anonymised information and do not allow tracking of websites. Our website uses functionality cookies related to the chosen language.

c) Performance cookies: These collect information about using a website / app – for example, which pages users visit most frequently and whether they receive error messages from the site. Cookies do not store information that allows user identification. The stored information is used exclusively to improve and implement the performance of the website and, therefore, the experience provided to the user.

d) Analysis/ GoogleAnalytics Cookies: We are clients of the Google Analytics service and use the “conversiontracking” service. GoogleAnalytics uses ‘cookies’, i.e. files that are stored in the computer’s memory and provide information on how visitors use a website. These cookies cannot be used to identify any visitor.

The visitor may, however, prevent Google from collecting and processing the data resulting from the use of the website (including an IP address) by installing the additional browser available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

In general, the use of cookies can be configured using the appropriate options in your browser; however, in this case the visitor may not be able to fully utilise the functions of our website.

The table below describes in detail the cookies present on the Website (https://www.platonae.gr/ ). The link to the privacy policy of the party that produces and manages these cookies is displayed along with each “third party cookie”:

Cookies	Type	Purpose	Privacy Policy
UUID	Session cookies and persistent cookies	Cookies that are necessary for browsing the Website, for internal security and management purposes, as well as for remembering the language chosen by the user	This page (platonae.gr)
google.gr google.com __utm.gif __utma __utmb __utmc __utmt __utmz	Third Party ookies – Persistent cookies	Cookies for GoogleAnalytics	https://support.google.com/analytics/answer/6004245?hl=en https://tools.google.com/dlpage/ga optout?hl=en

For instructions on how cookies work in different browsers click here.

To disable non-technically necessary cookies click here.

Article 7: Data Subject Rights

7.1 Data subjects’ right to information

Data subjects shall have the right to be informed of whether their personal data are being or have been processed, in particular by being made aware of:

I. The identity and contact details of the controller.

II. Their personal data as well as their origin.

III. The purpose and duration of collection, processing and/or use of personal data.

IV. The method of processing and, in the case of transfer to third parties, the recipient, the purpose and the extent of transfer, in particular in this concerns a transfer to a third country or an international organisation.

V. The provisions of this Policy regarding the protection of the data subject’s rights. Such information shall be made available to the applicant in an intelligible form, in writing upon receipt of the data.

7.2 Other rights of the data subjects

In addition to the rights provided for in the applicable law (right of access, rectification, erasure, portability, restriction of processing, opposition to automated decision-making and profiling), each data subject shall have, in particular, the right to question the implementation hereof.

Any question, complaint or concern regarding the processing of personal data by the “PLATON” group shall be addressed to the Data Protection Officer:

by email: dpo@platonae.gr
by post: “PLATON” Data Protection Officer, 37 John Kennedy Ave., 55535 Pylaia, Thessaloniki

In any case, data subjects have the right to appeal to the competent authority (Data Protection Authority) www.dpa.gr.

Changes to this Policy

This Policy may be revised from time to time in accordance with the requirements of the applicable legislation. Whenever this Policy changes, a notice will be posted on our group’s website for 15 days.