1. General Information
1.1. This Privacy Policy (“Policy”) describes how we use your personal data collected via our website. Please read this Policy carefully.
1.2. As referred in our General Terms and Conditions, Medipass will need access to some of your personal data to initiate communication with the chosen medical professional and ensure the the prompt organization of the medical procedure.
1.3. For this purpose, Medipass may seek access to any personal and private detail required, in order to allow proper communication with the medical professional and/or to address questions raised from any of the parties, during the assessment of User’s medical dossier. Depending on the purpose for which we may need to process your data, You will be asked to provide certain categories of personal data such as:
- your basic identity data (for example your first and last name, etc.);
- your contact details relating to the services that we provide (for example phone number, email address, etc.);
- transactions information necessary for the provision of our services (for example, your payment or card data, information on the services you requested, etc.);
- commercial information (for example, if you have subscribed to our newsletter),
- medical history or background
- any information related to the medical procedure you are interested in (e.g., preferred time period of treatment etc.).
- information about your tastes and preferences; and
- any other information you may voluntarily provide us with.
2. Data Roadmap and Purposes of data collection and processing
2.1. To manage your registration as user, we will ask you to provide as your basic contact information (full personal info, email etc) so that you can easily log in to our website and use our platform services.
2.2. After logging in, you may need to provide certain information about your health condition and/or the health treatment that you are interested in.
2.3. Please notice that Medipass platform uses cookies to receive identifiers and other information on computers, phones and other devices and to facilitate your access to our website. For more information, see our Cookie Policy.
2.4. As referred in our General Terms and Conditions, after filling the search criteria and choosing any medical procedure, in order to facilitate the agreement between you and Medical Professionals, Medipass, having your consent, can proceed to the collection of any personal data required for the preliminary treatment plan and evaluation.
2.5. After initiating communication with the Medical Professional of your choice, we keep your data secure, in the safe environment of our platform and CRM, until the conclusion of contract and the completion of the medical procedure.
2.6. Payment. In case Medipass, on behalf of the contracting parties, claim advance payment (Terms and Conditions, par. 5.4.) for any of the services offered, we will ask every information required to complete payment (email address, credit card information, carholder’s name, billing address, country, Paypal account etc.). When your credit card details are provided, they will be transmitted directly to the payment service provider engaged by us via an encrypted connection and without any further disclosure of credit card information to us except for the last four digits of your credit card which are transmitted to us and in a pseudonymized form for security reasons, identification and verification.
2.7 News, promos and personalised offers. You may receive emails from us including offers and advertising only if you have agreed this. This concerns both non-personalised (sent to all customers) and personalised (sent only to you and based on your filled criteria and/or your health treatment that you are interested) newsletters sent electronically to your account. By choosing this option you authorise us to process the personal data that you have shared with us for promotional actions.
2.8. After the conclusion of the contract, Medipass may keep your data as well as medical files of the Users for facilitating any possible future treatments. See below, par. 6 – Retention.
3. Data Disclosure to Third parties
3.1. After conclusion of the contract between you and the Medical Professional of your choice, the two parties will exchange any further information required for the prompt organization of the medical procedure. For this purpose, you may be asked to provide medical files to the Medical Professional.
3.2. Having your consent, all content of communication between Users and Health Providers, including medical files, will be transferred with end to end encryption (SSL Organization Validation certification) to the Company’s internet platform. The company does not edit, manage or have any interference in the content above, which keeps in a safe mode and in a secure location for any further purpose under agreement with the User.
3.3. In case you choose to be provided of any Additional Services, Medipass having your consent, may disclose certain information to third parties including but not limited to Travel Agencies, Guides, Translators etc.
3.4. When we disclose information to third parties, the usage and disclosure restrictions contained in this Privacy Policy will not apply to them. Medipass is only responsible for securely transferring your personal data to the third party. Although we encourage every third party to comply with the applicable GDPR legislation, we do not control and we are not responsible for any privacy practices, privacy policies or third party actions. Any complaints or queries regarding the use of your personal data by third parties should be directed directly to the them.
4. User’s Rights
You have the following rights with respect to your personal data:
- Right to withdraw consent. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Right of information. You have the right at any time to ask for any information about your data, such as what personal data we have collected and processed, for which purpose we have collected and processed this data, for how long this data will be in our possession.
- Right to object to the processing. Provided that the conditions of the law are met, you have the right to object to processing of your personal data. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims.
- Right of access. You have the right to request access to any of your personal data that we may hold, to request correction of any inaccurate data relating to you and, under certain circumstances, to request the deletion of your personal data. In case you no longer wish any of your data to be kept by the Company, you can send an electronic application to the Company ([email protected]) and request to delete it.
- Right of data portability. Under certain conditions, you have the right to receive all such personal data which you have provided to us in a structured, commonly used and machine-readable format, and require us to transmit it to another controller where this is technically feasible.
If you have any questions about your privacy, your rights, or how to exercise them, please contact us via email at admin@medipass. We will respond to your request within a reasonable period of time. You can also contact and are free to lodge a complaint with the Hellenic Data Protection Authority (1-3 Kifissias Ave., 115 23 Athens, Greece, Phone: +30-210 6475600 Fax: +30-210 6475628 E-mail: [email protected].)
5. Data security
5.1. Medipass uses all appropriate technical, physical, legal and organizational measures to comply with data protection laws and keep your personal data secure.
5.2. All of the personal data we hold is stored electronically and we have taken all security measures and techniques to ensure this personal data is kept secure, such as server side encryption and access restriction in our production systems.
5.3. Our staff is properly informed and trained in data protection in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
5.4. When Medipass engages a third party as a data processor such as Medical Professionals and Travel Agencies to collect or otherwise process personal data, such processor will be selected carefully and required to use sufficient guarantees, in particular in terms of expert knowledge, reliability and resources as well as appropriate technical and organisational measures which will meet the requirements of the General Data Protection Regulation, including those referring to the security of processing.
6. Retention period
6.1. We will retain your personal data for as long as is necessary for the purposes for which we collect it during the performance of our contract. More specifically:
- General information, as well as health information and medical files will be kept at least until the completion of the medical procedure.
- Your personal data is necessary for us to comply with any legal obligations (including payment and/or tax obligations, your security and avoidance of fraudulent behaviour). For this purpose, such data will be kept for at least as long as is required to comply with any of these obligations.
6.2. Medipass may also keep your data as well as medical files of the Users for facilitating any possible future treatments. (see par. 2.8.). We will retain your data for a maximum period of six months after termination of the contractual relationship or at any moment after your request.
