1. General Information

1.1. This Privacy Policy (“Policy”) describes how we use your personal data collected via our website. Please read this Policy carefully.

1.2. As referred in our General Terms and Conditions, Medipass will need access to some of your personal data to initiate communication with the chosen medical professional and ensure the the prompt organization of the medical procedure.

1.3. For this purpose, Medipass may seek access to any personal and private detail required,  in order to allow proper communication with the medical professional and/or to address questions raised from any of the parties, during the assessment of User’s medical dossier. Depending on the purpose for which we may need to process your data, You will be asked to provide certain categories of personal data such as:

2. Data Roadmap and Purposes of data collection and processing

2.1. To manage your registration as user, we will ask you to provide as your basic contact information (full personal info, email etc) so that you can easily log in to our website and use our platform services.

2.2. After logging in, you may need to provide certain information about your health condition and/or the health treatment that you are interested in.

2.3. Please notice that Medipass platform uses cookies to receive identifiers and other information on computers, phones and other devices and to facilitate your access to our website. For more information, see our Cookie Policy.

2.4. As referred in our General Terms and Conditions, after filling the search criteria and choosing any medical procedure, in order to facilitate the agreement between you and Medical Professionals, Medipass, having your consent, can proceed to the collection of any personal data required for the preliminary treatment plan and evaluation.

2.5. After initiating communication with the Medical Professional of your choice, we keep your data secure, in the safe environment of our platform and CRM, until the conclusion of contract and the completion of the medical procedure.

2.6. Payment. In case Medipass, on behalf of the contracting parties, claim advance payment (Terms and Conditions, par. 5.4.) for any of the services offered, we will ask every information required to complete payment (email address, credit card information, carholder’s name, billing address, country, Paypal account etc.). When your credit card details are provided, they will be transmitted directly to the payment service provider engaged by us via an encrypted connection and without any further disclosure of credit card information to us except for the last four digits of your credit card which are transmitted to us and in a pseudonymized form for security reasons, identification and verification.

2.7 News, promos and personalised offers. You may receive emails from us including offers and advertising only if you have agreed this. This concerns both non-personalised (sent to all customers) and personalised (sent only to you and based on your filled criteria and/or your health treatment that you are interested) newsletters sent electronically to your account. By choosing this option you authorise us to process the personal data that you have shared with us for promotional actions.

2.8. After the conclusion of the contract, Medipass may keep your data as well as medical files of the Users for facilitating any possible future treatments. See below, par. 6 – Retention.

3. Data Disclosure to Third parties

3.1. After conclusion of the contract between you and the Medical Professional of your choice, the two parties will exchange any further information required for the prompt organization of the medical procedure. For this purpose, you may be asked to provide medical files to the Medical Professional.

3.2. Having your consent, all content of communication between Users and Health Providers, including medical files, will be transferred with end to end encryption (SSL Organization Validation certification) to the Company’s internet platform. The company does not edit, manage or have any interference in the content above, which keeps in a safe mode and in a secure location for any further purpose under agreement with the User.

3.3. In case you choose to be provided of any Additional Services, Medipass having your consent, may disclose certain information to third parties including but not limited to Travel Agencies, Guides, Translators etc.

3.4. When we disclose information to third parties, the usage and disclosure restrictions contained in this Privacy Policy will not apply to them. Medipass is only responsible for securely transferring your personal data to the third party. Although we encourage every third party to comply with the applicable GDPR legislation, we do not control and we are not responsible for any privacy practices, privacy policies or third party actions. Any complaints or queries regarding the use of your personal data by third parties should be directed directly to the them.

4. User’s Rights

You have the following rights with respect to your personal data:

If you have any questions about your privacy, your rights, or how to exercise them, please contact us via email at [email protected]   We will respond to your request within a reasonable period of time. You can also contact and are free to lodge a complaint with the Hellenic Data Protection Authority (1-3 Kifissias Ave., 115 23 Athens, Greece, Phone: +30-210 6475600 Fax: +30-210 6475628 E-mail: [email protected])

5. Data security

5.1. Medipass uses all appropriate technical, physical, legal and organizational measures to comply with data protection laws and keep your personal data secure.

5.2. All of the personal data we hold is stored electronically and we have taken all security measures and techniques to ensure this personal data is kept secure, such as server side encryption and access restriction in our production systems.

5.3. Our staff is properly informed and trained in data protection in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)

5.4. When Medipass engages a third party as a data processor such as Medical Professionals and Travel Agencies to collect or otherwise process personal data, such processor will be selected carefully and required to use sufficient guarantees, in particular in terms of expert knowledge, reliability and resources as well as appropriate technical and organisational measures which will meet the requirements of the General Data Protection Regulation, including those referring to the security of processing.

6. Retention period

6.1. We will retain your personal data for as long as is necessary for the purposes for which we collect it during the performance of our contract. More specifically:

6.2. Medipass may also keep your data as well as medical files of the Users for facilitating any possible future treatments. (see par. 2.8.). We will retain your data for a maximum period of  six months after termination of the contractual relationship or at any moment after your request.