The information here is given in compliance with article 13of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data ProtectionRegulation or G.D.P.R.):
The website at www.medoid.ai (the “Site”) and its services are operated by Medoid A.I. Private Company (“Medoid” or “we” or “us”) which is a private company having its registered seat in EuropeanUnion (130, Egnatia str. Thessaloniki Greece – Greek Tax Identification Number: EL801114469 D’ Thessaloniki Tax Bureau – Greek General Commercial Registry Number: 149435406000). This Privacy Notice sets out how we collect, use, retain and disclose personal data that we hold about you and gives information on how to exercise your legal rights. We are taking all necessary measures to provide you (the “User” or the “Data Subject”) the information referred to Articles 13 and 14 GDPR in a concise, transparent, intelligible, and easily accessible form. This privacy notice is only applicable to the Site.
Medoid A.I. Private Company as a data controller determines the purposes and means of the processing of your personal data. Medoid is a private company having its registered seat in European Union (130, Egnatia str. Thessaloniki Greece – Greek Tax Identification Number: EL801114469 D’ Thessaloniki Tax Bureau – Greek General Commercial Registry Number: 149435406000). Dr.Anestis Fachantidis is the administrator of the company and in charge to address any questions, comments or concerns about our Data Protection Policy. Please contact us by email at email@example.com call +302310240231 during regular work hours
WHAT PERSONAL DATA WE PROCESS, FOR WHAT PURPOSE, THE LEGAL BASIS AND THE PERIOD OF RETENTION
The User can access the Site and browse without disclosing any personal data except of information collected automatically for IT security and system diagnostic purposes, i.e. the User’s IP address and strictly necessary cookies. The legality of the data processing is governed by Article 6 (1) (a) GDPR. Therefore, consent is not requested and the legal basis is a legitimate interest (i.e. interest in the operation of the Site and its services) within the meaning of Article 6 (1) (a) GDPR. The use of strictly necessary cookies falls within the exemption of Article 4 (5) (c) of Greek Law 3471/2006, as replaced by Article 170 of Greek Law 4072/2012. Greek Law 3471/2006 incorporates Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (ePrivacy Directive). In every other aspect, consent is requested. The User has to actively opt in and consent to our use of performance cookies, Google Analytics cookies and web beacons. By processing the User’s data we can generate user statistics reports to determine how the Users make use of the Site and to optimize the Site’s content and its services. Pursuant to the minimization principle we identify the minimum amount of personal data we need to fulfill our purposes. We retain personal data for 50 months.
Legitimate interests: a) IT Security, b) Site Operation
SECURITY & INTEGRITY OF PROCESSING
We implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing performed is in accordance with GDPR. Only personal data which are necessary for each specific purpose of the processing are processed. Taking into account the state of the art, the nature, scope, context and purposes of processing, we implement the measures that Article 32 GDPR provides for.
CONFIDENTIALITY / PROCESSORS / TRANSFERS OUTSIDE EU & EEA
Access is denied at all times to unauthorized and external persons. Access can only be granted after explicit approval by an employee along with providing the reason for such access.
Where processing is to be carried out on behalf of our company, we use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the GDPR requirements and ensure the protection of the rights of the data subject. As an example, we may use processors for receiving IT services.
Pursuant to Article 45 (3) GDPR a transfer of personal data to a third country outside the European Union and the European Economic Area (EEA) takes place only after the European Commission assesses the adequacy of the level of protection.
YOUR DATA PROTECTION RIGHTS
We would like to make sure you are fully aware of all your data protection rights. Every User is entitled to the following:
The Right to Access
Pursuant to Article 15 GDPR the User has the right to be aware of, and verify, the lawfulness of the processing. Therefore, the User has the right to access the personal data which have been collected and get additional information about their processing.
The Right to Rectification
Pursuant to Article 16 GDPR the User has the right to revise, correct, update or modify his/her personal data. The User also has the right to be informed on the recipients of the data, should he/she wishes to.
The Right to Restrict Processing
Pursuant to Article 18 GDPR the User is entitled to request the limitation of his/her personal data processing in the following cases: (a) when the accuracy of the personal data cannot be established and until the data is verified, (b) when he/she objects to the personal data deletion and requests the limitation of their use rather than deletion, (c) when specific personal data are not required for processing purposes, they are, however, indispensable for the foundation, exercise, support of legal claims, and (d) when he/she opposes to the processing and until it is verified that there are legitimate grounds that concern us and supersede the reasons for which the User is opposed to the processing.The User also has the right to be informed on the recipients of the data, should he/she wishes to.
The Right to Object to Processing
The User is entitled to oppose to his/her personal data processing, at all times, in case where, as described above, this is necessary on the legitimate interests grounds as pursued by us, as controllers, as well as in the data processing for direct marketing purposes and consumer profile creation.The User also has the right to be informed on the recipients of the data, should he/she wishes to.
The Right to Erasure
Pursuant to Article 17 the User has the right to request the deletion of his/her personal data in the course of processing under his/her consent or on the basis of our legitimate interests. In any other case, indicatively in the existence of a contract, a lawful obligation to personal data processing, or a public interest, the right shall be subject to restrictions or shall be withdrawn, as the case may be.
The Right to Data Portability
Pursuant to Article 20 GDPR the User is entitled to receive his/her personal data free of charge in a format that allows his/her to access, use, and edit them with commonly used editing methods. Moreover, the User has the right to request, if technically feasible, to pass the data directly to another controller. Such right is granted for the data the User has provided to us and are subject to processing by automated means based on his/her consent or execution of a relevant contract.
The Right to Revoke Consent
Where processing is based on the User’s consent, the User has the right to revoke it without affecting the legality of consent-based processing in the period prior to said revocation. To revoke your consent please contact us by email at firstname.lastname@example.org or call at +302310 240 231 during regular work hours.
To exercise any of the above rights you can contact us by email at email@example.com or call at +30 2310 240 231 during working hours. In the above cases we will make every effort to respond to your request within thirty (30) days upon submission. Such deadline maybe extended for an additional sixty (60) days, if deemed necessary, taking into account the complexity of the request and the number of requests, and in such case we will inform you within the aforementioned deadline of thirty (30) days.
The Right to Lodge a Complaint
The User may lodge a complaint with the Greek Supervisory Authority (Hellenic Data Protection Authority, 1-3, Kifisias Avenue, Athens, GR11523, Greece – land line: +302106475600 – email address: firstname.lastname@example.org)
Effective Date: October 25, 2019 01:39