Privacy Policy

Personal data protection policy

Dr. Button is committed to ensuring the privacy of its visitors. This Privacy Policy explains how the personal data of visitors / users are managed, in accordance with the applicable legal framework [(REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of the personal data of a and for the free movement of such data and repealing Directive 95/46 / EC (General Regulation on Data Protection) and any applicable laws].


1. INFORMATION

1.1 What data are we processing?

Personal data relates to data relating to you as a user, whether a patient or a healthcare provider. We may process the following types of personal information that may concern you:

  1. Contact details ("Account information"), ie information related to the name, VAT number, address, telephone, e-mail, city, country, profession, age and in general the identification data of the patient and the medical care provider and communication with them.
  2. Health Data ("Health Data") that you provide to us (concerns ONLY patients), which are always in function and with the sole purpose of the proper and legal fulfillment of the medical contract. More specifically, this data will relate to genetic, biometric or patient health information, which is collected in accordance with the principle of proportionality, so that only those data that are deemed necessary for the purpose of processing are processed. As an intermediary in the provision of health care, we will never share health data with a non-medical third party.
  3. User behavior including digital behavior (eg in-app behavior) ("Digital Behavior"). We work on Digital Behavior to improve the application, understand and analyze user behavior and improve the user experience.
  4. Technical information about identifying your location (eg unit ID, IP address) ("Technical data").

1.2 How secure is your data?

We are committed to safeguarding your personal data. Recognizing the importance of the security of your personal data, we have taken all appropriate organizational and technical measures to secure and protect your data from any form of accidental or improper processing. We use the most modern and advanced methods to ensure maximum safety. This is why all the data you provide is encrypted, including contact information and health data.

The purpose of the processing and the legal basis for the processing of the respective categories of personal data is the provision of medical care by specialized professionals in the provision of medical care and assistance, following the standard of medical service set by the rules of medical science, taking into account objective circumstances and the interest of the patient, so that the concluded medical contract is duly fulfilled.

Personal data is stored for as long as is required to fulfill the purpose (including the purpose of fulfilling the legal obligations of the website). Personal data stored based on your consent will be deleted if the consent is revoked. Surplus data is anonymous and stored after the purpose of the data is fulfilled.

1.3 What is the purpose and method of processing?

The purpose of the processing and the legal basis for the processing of the respective categories of personal data is the provision of medical care by specialized professionals in the provision of medical care and assistance, following the standard of medical service set by the rules of medical science, taking into account objective circumstances and the interest of the patient, so that the concluded medical contract is duly fulfilled.

Personal data:

  • are processed lawfully and lawfully in a transparent manner in relation to the data subject (legality, objectivity and transparency),
  • are collected for specified, explicit and legitimate purposes (listed above) and are not further processed in a manner incompatible with those purposes. Further processing for archiving purposes in the public interest or for the purposes of scientific or historical research or statistical purposes shall not be considered incompatible with the original purposes (limitation of purpose);
  • are appropriate, relevant and limited to what is necessary for the purposes for which they are processed (data minimization),
  • are accurate and, when necessary, updated. All reasonable measures shall be taken for the immediate deletion or correction of personal data which are inaccurate in relation to the purposes of the processing (accuracy);
  • kept in a form which allows the identification of data subjects only for the period required for the purposes of processing the personal data (limitation of the storage period),
  • are processed in such a way as to guarantee their proper safety, including protection against unauthorized or unlawful processing and accidental loss, destruction or deterioration, using appropriate technical or organizational measures (integrity and confidentiality).

The collection, storage and processing of your personal data will be done for the purpose of proper and legal fulfillment of the medical contract and always for the sake of your interest.

1.4 For how long is this data stored?

Personal data is stored for as long as is required to fulfill the purpose (including the purpose of fulfilling the legal obligations of the website). Personal data stored based on your consent will be deleted if the consent is revoked. Surplus data is anonymous and stored after the purpose of the data is fulfilled.

1.5 What are your rights?

When processing your personal data you have the right to request access to, correction (or completion of incomplete personal data), deletion of personal data or to restrict the processing of your subject and the right to object to the processing. In such cases, we have no obligation to disclose any correction or deletion or restriction of the processing of personal data to the recipients of such data, due to the disproportionate effort that this entails, so that the information will be provided directly by the parties to the medical contract.

In particular, if you request it, we have the obligation to delete the personal data without undue delay (right of deletion or in oblivion) if one of the following reasons applies:

  • personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
  • revoke at any time your consent on which the processing was based,
  • you have exercised your right to object and there are no compelling and legal grounds for processing,
  • personal data was processed illegally.

At the same time, you have the right to restrict the processing of personal data (right to restrict processing), so that such data outside of storage, can be processed only with your consent, if one of the following reasons applies:

  • question the accuracy of the personal data for a period of time which allows the controller to verify the accuracy of the data;
  • the processing is illegal, you oppose the deletion of the data and ask for its restriction,
  • you no longer need personal data to fulfill the purposes of the processing, but this data is required by you to establish, exercise or support legal claims,
  • You have exercised your right of objection and are awaiting verification as to whether the legal reasons of the controller outweigh your legal reasons.

You have the opportunity to object, at any time and for reasons related to your particular situation, to the processing of your personal data in which you have consented, including your profile training (right of objection). Only if we demonstrate compelling and legitimate reasons for processing that outweigh your interests, rights and freedoms or for establishing, exercising or upholding legal claims can it continue despite your opposition.

You will be able to pass on to other processors the data you have provided, in our structured, commonly used and machine-readable format. This data will be transferred to further persons directly, only at your request and with the sole purpose of the proper and legal fulfillment of the medical contract (right to data portability).

You have the right not to be subject to a decision based on automated processing, including profile training, which produces legal effects that affect or significantly affect you in a similar way (right to object to automated decision making).

The above mentioned rights include the general right of access to your personal data, which you have and can exercise at any time you request.

You have the right to revoke your consent at any time if the above action is deemed necessary, without prejudice to the legality of the previous processing based on the consent before its revocation.

In the event of a breach of an obligation relating to the purpose of the processing, your rights or any other obligation laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council by the controller, you have the right to lodge a complaint with the Greek Authority for the protection of personal data.

In order to update, correct or delete information we have about you, to invoke any of your rights, as mentioned above or to contact our personal data representative, contact us at info@drbutton.gr.