At “Genekor” we are committed to respecting the Privacy of the individuals and protecting their Personal Data.

Below is our general privacy notice for the protection of the personal data of any individual which informs you about how we use and protect the personal data you submit to us or that we collect about you when you use our website or when you contact us and when you perform any of the medical tests offered by us.

We also inform you about your rights provided by the legislation regarding the protection of your personal data, i.e. the General Data Protection Regulation 679/2016 and the Greek law 4624/2019 (“L. 4624/2019”).

Separate privacy policies apply to employees, job candidates and to the collection of personal data through cookies or other recording tools as well as through recording via the Company’s Video Surveillance System.

By using our website, and the services provided by Genekor, you agree to be bound by the present Policy.

WHO WE ARE

Genekor, is considered, as per the applicable GDPR terminology, the “Data Controller” in regards to the personal data it processes. This means that Genekor determines the way and means by which it processes (i.e., collects, retains, uses, discloses) the personal information.

We are the Company « GENEKOR PRIVATE DIAGNOSTIC LABORATORY MEDICAL SOCIÉTÉ ANONYME », having its registered office at Gerakas, hereinafter referred to as “Genekor”, which is an emerging multinational company specializing in Molecular Biology and Genetics tests.

Our company details are:

GENEKOR PRIVATE DIAGNOSTIC LABORATORY MEDICAL SOCIÉTÉ ANONYME 52, Spaton Avenue

153 44 Gerakas.

Τel .: +30 210-6032138

Fax: +30 210-6032148

E-mail: info@genekor.com

You can contact the person responsible for all Data Protection matters in our Company at the email address: dataprotection@genekor.com.

 

WHAT INFORMATION WE RETAIN ABOUT YOU AND ITS SOURCE.

Genekor is committed to protecting the privacy and security of your personal information. The term “personal data” means information, which alone or in combination with other data available to the Company can lead to your identification. Information in which any identification data have been removed and is not possible to identify you either from such information alone or in combination with any other information held by Genekor is not considered personal data (anonymous data).

Due to the Company’s business operation, sensitive personal data, known as “special categories of data” such as health data or genetic data might be processed.

The exact categories of personal data that are being processed vary depending on the role of each individual and his/her respective relationship with the company, such as:

• From the visitors of the website, we collect only information about their device, internet usage and online behavior through the cookies and other similar mechanisms (For more information on the data collected automatically from our website or other third-parties used by this website, through the use of cookies – or other similar tracking technologies- please see our Cookie Policy;
• From the individuals who contact us by using the contact form on our website, we might additionally collect name, email and any other information that the user might himself mention on his message;
• For the prospective employees, the personal data that are being collected are described in the relevant Personnel Selection Privacy Notice;
• From the clients, the personal data that are being collected is usually, the name and other identification data, contact details, other information such as occupation, age, disease details, diagnostic test results, part of the medical history, identity and contact details of relatives, sometimes combined with hereditary diseases and related medical histories and any other relevant information. Personal data could also include financial information that you may disclose to us in the course of payments and general financial transactions;
• For our business partners, personal data might include the name and other identifying information, contact details, and any other information related to the subject of our cooperation.
• For the referring doctors, personal data consist of any personal information contained in the medical referral or in any other communications between the doctors and the Company;
• From all doctors or partners who wish to register and obtain a web account in the results portal in order to, among others, be provided with access to electronic results documents, we collect and process name, specialty, institution, address, city, postal code, country, e-mail, selected username and phone number;
• Videos and photos might also be taken during our corporate events but also you might be recorded via the CCTV System of our premises.

The above data are being stored in the company records which can be electronic files, letters, prescriptions, medical referrals, e-mails, customer satisfactions forms, photos, video recordings etc.

We may have your personal information because you gave it to us yourself, or because we obtained it from another source (e.g. your referring physician or your health insurance provider if the medical diagnosis we provide is paid by the health insurance provider and we need to verify your insurance coverage), either in the context of providing our services to you or in the context of our business in general or because they are publicly available.

SUSCRIBE to our NEWSLETTER

Your subscription to our Newsletter by submitting your email address is done at your own initiative and is subject to your acceptance of the terms of our Privacy Notice. If you do not accept these terms, please do not fill in the relevant field or withdraw your participation from the list of recipients of our Newsletter.

By submitting your e-mail to our Newsletter service, Genekor as the Data Controller can use your personal data for marketing purposes and process it as follows:

• In order to provide you electronically with information about products and medical services and for any changes or new services or about any of our events (conferences, seminars etc) that might be of interest to you. This can come directly from Genekor or through companies and other third-parties who can provide relevant marketing services on our behalf. In such cases, Genekor might share your personal data with these partners.
• In the context of market preferences and trends analyses.

 

To protect your rights and to ensure that you have control over how we manage our marketing activities addressed to you:

• We will take steps to limit marketing communications to a reasonable and proportionate level and to only send you communications which we believe may be of interest to you.
• If you no longer wish to receive our Newsletter you can ask us to stop sending marketing emails, by following the “unsubscribe” link you will find in all e-mail newsletters we send you. Alternatively, you may contact us at info@genekor.com or at dataprotection@genekor.com.

Company CCTV System or other Access Control Systems

In the course of our business operation and mainly for reasons of security and protection of our premises and of the Company employees, customers, associates, third-parties, as well as the Company assets, the Company monitors its facilities and premises through electronic means such as cameras at the entry/exit points around the perimeter or in the staircase of its buildings or access control systems in critical areas. This might have as an indirect consequence, to record the movements of incoming visitors, employees, partners etc.

The data recorded through these systems are retained in accordance with the legislation, while the access to them is very limited and is given only when there is a specific need (theft or other security incident, etc). For more information, about the use of the Video Surveillance System by our Company, please see the “Privacy Notice for the Processing of Personal Data through the Video Surveillance System”.

FOR WHAT PURPOSES DO WE USE YOUR PERSONAL INFORMATION

We process your personal information in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and Greek Law 4624/2019 as well as any other applicable legislation in order to:   

• Exchange information about products and services before concluding a contract (e.g. medical tests);
• Manage and process tests and relative requests/questions while providing our services;
• Perform a medical service described in a medical referral which referral, we then have to file in our records;
• Contact the referring physician for any question we may have about a referral they have issued or about a request they have made to us as a referring doctor (e.g. a request for provision of medical results);
• Handle your requests and your complaints;
• Give you access to the results portal if you are a doctor or a partner and register to it;
• Improve the quality of our products and services, e.g. by conducting and analyzing satisfaction surveys;
• Make payments (to our customers, suppliers, partners)
• Comply with our legal regulatory and other obligations (e.g. tax laws, accounting obligations etc.) arising from our business activities;
• Send you newsletter when you subscribe to our Service;
• Ensure the safety of our facilities, networks and information as well as our staff, visitors and partners;
• Create anonymous statistical analyses and reports relating to our operation or which will be used for scientific research or will be published for statistical purposes.

 

HOW DO WE PROCESS YOUR PERSONAL INFORMATION

In compliance with the provisions of the Regulation, we process your personal data in accordance with the following data protection principles:

• Lawfully, fairly and with transparency;
• We collect them only for valid purposes that you have been informed about and we do not use them in a way that is incompatible with these purposes;
• We process them according to the above purposes only;
• We collect and process the minimum and absolutely necessary for the fulfillment of the above purposes;
• We keep them accurate and up to date as long as you tell us of any changes;
• We keep them only for as long as necessary based on the purpose;
• We store them safely. We take all reasonable measure to protect your personal data from loss, unauthorized access or tampering.

LEGAL BASIS FOR PROCESSING

According to the GDPR the processing must be performed on a specific legal basis, as in we need a real reason to collect, store, use and disclose your personal information.

Our legal basis for processing your personal information might be one or more of the following:

• The processing of the personal data of customers (name and contact details) is necessary for the execution of our medical services and the legal basis for this is the contract for the provision of medical services;
• The processing of customers’ health data (e.g. information on requested diagnosis) has as a legal basis the provision of medical diagnosis to the data subjects;
• Similarly but vice versa, offering third party services to us (e.g. our suppliers) has a a legal basis the execution of the relevant service contract;
• The Compliance of our Company with the local and European legislation;
• Your consent, such as e.g. when you choose to receive newsletters or when y register as a doctor on our results portal;
• The satisfaction of the legal interests of the company such as direct marketing, fraud prevention, ensuring the security of its network and IT systems, the archiving of medical referrals, the conduct of customer and partners satisfaction surveys;

 

CHILDREN’S PRIVACY

We do not wish to collect personal data from children without their parents’ or guardian’s consent. If you are under 16, please obtain the consent of your parents or guardian before giving any information.

TO WHOM WE DISCLOSE YOUR PERSONAL DATA

Your personal data is disclosed internally in our company, between its various departments in order to produce the desired result and to receive the service you have requested from us. This internal disclosure is done in a secure way and based on a need to know basis. Genekor’s personnel is subject to an obligation of Confidentiality through a specific Confidentiality Agreement.

We may also share to and receive your personal information from third parties, individuals or legal entities. This category includes hospitals, pathological laboratories, referring doctors.

Furthermore, your personal information may be disclosed by our company  to a third party, in order for the third party to provide a service to us or directly to you, e.g. a company that provides us with tax and accounting services, the company that manages our website or our results portal and our consultants (including financial, legal and other advisors) within the context of the legal operation of our Company. These service providers are known as “data processors” and also have a legal obligation under GDPR and towards Genekor to protect your personal data and to use it only to provide the agreed service.

In the event that we share your data as a data controller with another data controller, the processing of the personal information by that company will be subject to its own privacy policy. Genekor makes every effort possible to select partners that provide services of high quality, reliability, trust, protection and security services but Genekor is not responsible for the use of the information by these companies. Genekor partners may use your personal data to contact you directly.

Your personal information may also be disclosed to third-parties, such as employment agencies, insurance companies or companies and other regulators.

Except in the above cases, your information will not be transferred or disclosed to third-parties for marketing or other purposes.

 

TRANSFER OF DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA (E.E.A.)

We process your personal data at our operating offices and in any other place where the parties involved in the processing, such as our subcontractors, are located. Depending on the data subject’s location, data transfers may involve transferring the data subject’s data to a country other than their own. If such transfers take place to a third country outside of the E.E.A. and the third country does not provide an adequate level of security of the personal data, the personal data can be transferred to that country only if the protection of data is guaranteed by a data transfer agreement which ensures an adequate level of protection or if the conditions explicitly provided by European and national law are met.

FOR HOW LONG DO WE KEEP YOUR DATA

We will retain your personal information only for as long as it is necessary to fulfill the purposes for which we collected it, but also for as long as it is required in order to meet any legal, accounting or other obligations.

Personal data collected for purposes related to the execution of a contract between the Company and the data subjects will be retained until the said contracts are terminated and we have no obligation to retain it for a longer period of time in compliance with our tax or accounting obligation. Personal data collected for purposes relating to our legitimate interests will be retained for as long as it is necessary in order to fulfill those purposes. We may be entitled to retain personal data for longer period of time whenever the data subjects have given their consent to such processing, provided that the consent in question has not been revoked or until the data subjects have asked us to delete or modify the personal information stored by us.

We may anonymize your personal information so that it can no longer lead to your identification, so that we can use them without having to inform you further, for statisitical purposes or in the context of scientific research.

As soon as you will no longer need services from us, we will safely maintain and then destroy your personal information, according to our data retention schedule.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period. Any statistical data contained in our analyzes and reports will continue to be subject to use or publication as long as they contain only anonymous data.

 

DATA ACCURACY AND YOUR RESPONSIBILITIES

It is important that the personal information we hold about you is accurate and up to date. For this reason, please let us know as soon as possible if any of your information changes or is incorrect during our cooperation.

YOUR RIGHTS

By virtue of the GDPR you have the following rights under certain conditions:

• To be informed about the processing of your personal data. This is the purpose of the present Notice.
• To rectify your personal information if it is inaccurate and complete any uncompleted data
• To object to the processing of your personal data
• To restrict the processing of your personal information
• To delete your personal data (“right to be forgotten”)
• To move, copy or transfer your personal data ("right to portability")
• To be informed, question and even oppose to any automated decision making including profiling activities addressed to you
• To request access to your personal data and information on how we process it
• To revoke at any time the consent you have given for the processing of the personal data, valid from the moment of withdrawal and onwards (the lawfulness of any prior processing is not being affected).

For further information about your rights and in order to exercise them, please contact info@genekor.com or the Company DPO at the email address: dataprotection@genekor.com. Such requests are free of charge and we will respond to you as soon as possible. Generally, your requests will be answered within one (1) month from the time we received your request, but if the request requires more time, we will inform you accordingly (within the said one (1) month). Please note that we may request further information to confirm the identity of the person concerned.

Exercising your rights is with no charge. However, in the event of manifestly unfounded or excessive claims, even due to their recurrence, the Company may charge you a reasonable fee, in view of the administrative costs in order to habdle your claim, or will deny the satisfaction of your request.

YOUR CHOICES

You can chose whether or not you want to receive information from us. We will not contact you for marketing purposes via e-mail, telephone or text message unless you have given your prior consent. We will not contact you via email for direct marketing purposes if you have declared to us that you do not wish to be contacted. You can change your preferences at any time by contacting us through e-mail at dataprotection@genekor.com or by calling us at 210-6032138.

QUESTIONS OR COMPLAINTS

Any questions about the present Privacy Notice and our general privacy practices should be sent to the email address: info@genekor.com or the person responsible for all Data Protection matters in our Company (DPO) at the email address: dataprotection@genekor.com or by writing to GENEKOR PRIVATE DIAGNOSTIC LABORATORY MEDICAL SOCIÉTÉ ANONYME, 52 Spaton Avenue, 15344 Gerakas Attica. Alternatively, you can call us at 210-6032138.

 

You also have the right to submit your complaint at any time to the Hellenic Data Protection Authority, the Greek Supervisor Authority for any data protection related matters. Hellenic Data Protection Authority, 1-3 Kifisias av. 115 23 Athens, tel: 2106475600   Website for complaints: www.dpa.gr

CHANGES TO THE PRESENT PRIVACY NOTICE

We regularly review this Privacy Notice and therefore we may amend it at any time in order for example to comply with any new legal or technological requirements imposed to us by the applicable legislation or in order to include new Services that we might provide. If significant changes are made to the use of your personal data (as defined herein) in a manner other than what has been stated to you at the time of collection, we will make every effort to inform you either by updating our Website or by sending it to your relevant e-mail and where required by applicable law we will ask for your consent.

The present Privacy Notice was last updated in November 2022.