The Private Company named «Dialysis Vacation PC” with the brand name “Dialysis Vacation”, with VAT no: 801221921 and No GEMI: 152080701000 established in Athens (street: Teo number 59) as legally represented, is the Personal Data Controller, under the General Data Protection Regulation (EU) 2016/679 and the Greek legislation –Law 4624/2019- as applicable from time to time, hereby provides the following information for:
(a) the processing of personal data and
(b) all your legal rights as a subject of processing.
Personal data processing is the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission, restriction or erasure of personal data which was or will be brought to the attention of the company. In compliance with the current legislative framework, the company has taken all steps required, by implementing all appropriate technical and organizational measures for the lawful adherence, processing and safe retention of personal data files, and is committed to ensure and protect in every way the processing of your personal data against any loss or leakage, alteration, transfer or any other unlawful processing.
The website «www.dialysisvacation.com», hereinafter referred as the “website”, it is under the management of our company, which is the Controller of all the personal data we collect from you during your visit to our website and the use of our web platform, and that is all of the information which identify you or can identify you directly or indirectly as natural persons.
Our company is in compliance with the existing legislative framework and has taken all the appropriate technical and organizational measures for legal compliance, treatment and safe storage of every personal data file, bound to ensure and protect them from loss or leakage, tampering, transmission and generally any other unauthorized processing, in order to safeguard and maintain the confidentiality of information that relate to visitors/users of the “website”.
1. WHAT KIND OF PERSONAL DATA WE COLLECT AND HOW?
– Information that is automatically collected when you visit and interact with our “website”
Through our website platform, our company provides services of health tourism, particularly medical services, dental care, spa and hydro-thermal tourism, wellness tourism, with arranging to organize excursions in Greece and abroad including health service and general third-party health benefits. Therefore, simply browsing our website does not require the visitor to provide any personal data. However, through your simple visiting and browsing, our website might collect automatically certain information, that can identify you directly or indirectly, such as: a) the Internet Protocol address (IP address) of your computer, b) type of browser (browser) and the operating system, c) the websites visited just before and after your visit to the page, d) basic connection information of the server.
– Information that you provide directly to us, if you wish to use our health tourism services through our website platform.
If the “website’s” visitor wishes to express his interest in our services, in order to book a health tourism package, he is required to fill in and apply the relevant contact form upon the “website” collects and processes with your consent all your information are considered simple and special category personal data.
Initially every website user is required to give information about his identification elements: name, surname, e-mail contact address and telephone number.
In addition, each user is required to select the following fields that provide to us the following data:
(a) the medical package and destination that interests him
(b) the medical center and clinic that interests him
(c) the hotel that interests him
(d) and any additional services he may wish, such as attendant, translator, extra-meal, airline tickets, etc.
2. LAWFULNESS AND PERSONAL DATA PROCESSING PURPOSE
We use and process your just necessary personal data in order to provide you the information and booking service of your suitable medical tourism package. The legal basis for your personal data’s’ processing is the contract in accordance with article 6 par. 5 GDPR.
On your demand, we use and process your personal data, that are strictly necessary to provide you, planning and organization information of your trip. We mediate and provide through third natural or legal persons and other tourism products, in addition to medical care, as transportation, information, touring, dining and hotel accommodation. We provide spa – services hydro-thermal tourism in areas whose main feature is the use of recognized curative natural resources for therapeutic purposes in special facilities. We provide wellness tourism services to travelers who wish to move and stay in special destinations and tourist destinations in Greece and abroad with the main motivation to restore, maintain and promote their physical, mental and social health. prosperity. Health Tourism provided in special tourist infrastructure facilities such as the curative treatment units, spa centers, wellness centers and hydro-thermal centers.
The “Dialysis Vacations” collects, processes and uses your personal data only to the extent permitted by the law and are just necessary in order to provide you with the suitable medical health tourism package and contact with you. The purpose of your data processing is to identify the appropriate medical care centers in combination with tourist products, such as transportation, information, tour, catering and accommodation in hotels through cooperating with us tourist agencies, health centers, etc.
The legal basis of the procession of these data is your consent (article 6 para. 1a GDPR) and the legitimate interest of our company as a responsible treatment (article 6 para. 1f GDPR). In any case, your data are processed: a) only when you give your consent to identify and contact you, b) to fulfill legal obligations under current legislation on notification to public authorities (Supervisory, Independent, etc.), c) to protect the vital interest, d) to protect the public interest and e) to any legal interest of our company.
The “Dialysis Vacations” respects your right to protect privacy and therefore we use the collected through our website information for the above purposes. For this reason, we do not disclose, transmit or make information accessible to third parties. In order to fulfill and complete the provision of our services to you, we must also work with services who receive only the just necessary personal data. These providers of services are contractually obligated by the “Dialysis Vacations” to use the received personal data for the agreed purpose and to prevent from any accidental notification to third parties, complying always with the rules of GDPR and our national legislation.
3. WHO ARE THE RECIPIENTS OF PERSONAL DATA
- Third parties for Health services:
- Third Parties for Tourism or Other similar Services:
We work with third parties (travel agencies, hotels, car rental companies, translators) in order to plan and organize your travel. These providers are also responsible for the processing of your personal data, and have provided us with assurances that they are in compliance with the legislation as they have already implemented all the appropriate technical and organizational measures, so that the processing of your data is lawful, as long as they are ensured the protection of your rights, the confidentiality of the processing and the appropriate level of security against the risks.
- Third Parties-payment services
We are working with third parties which are responsible for providing an electronic payment mechanism. If you or your credit card holder is required to refund your reservation, we may need to share some reservation details with your payment service provider and financial institution in order to manage your refund. These may include a copy of your booking confirmation or the IP address from which your booking was made. In addition, we may share information with the relevant financial institutions if we deem it absolutely necessary for fraud prevention and detection purposes.
- Competent authorities
We share your personal information with law enforcement authorities, to the extent required by law or strictly necessary to prevent, detect or prosecute criminal offenses and fraud. In addition, we may need to disclose your personal information to the competent authorities to protect and defend our rights and property or the rights and property of our affiliates. We may disclose information about you in response to court summons, search warrants, litigation, court orders, legal proceedings or other law enforcement measures by any competent authority, including the Data Protection Authority and the Data Protection Supervisors of other members of the European Union, as well as to uphold and defend our legal rights or to refute claims against us.
4. PERSONAL DATA’S RETENTION PERIOD
The “Dialysis Vacations” will keep the personal data which are collected by the website for the absolutely necessary period of time in order to obtain the above treatment goals and to comply with legal obligations. Since revoke your consent to the collection and processing of your personal data, we will delete your data from all our files, unless we have to be complied with any legal obligation or defend our rights or legitimate interests in front of judicial or other authorities
In accordance with article 5par.1el(c)GDPR, our company uses computers and programs designed to minimize the use of personal and identification information. So data shall be processed only to the extent necessary to achieve the objectives which are set out in this Policy and stored for as long as is strictly necessary to achieve the specific pursued objectives. In any case, the standard used to determine the storage period is based on compliance with the time limits permitted by law and the principles of minimization, limitation of storage, legality, objectivity, accuracy, transparency, integrity, the confidentiality of data through the rational management and processing of our files. The Personal Data are processed until the patient’s account is deleted or until we receive the patient’s withdrawal of his consent, whichever occurs first.
5. PERSONAL DATA SECURITY POLICY
The security of your personal data is an absolute commitment to us. To achieve this, we apply all modern and appropriate technical and organizational measures for the purposes of processing, the responsiveness and adequacy of which we control at regular intervals. For this reason the “Dialysis Vacations” applied effectively, both at the time of setting processing means and at the time of treatment, appropriate technical and organizational measures designed by default to the application of data protection authorities, integrating all the necessary processing guarantees in a way that meets the requirements of the GDPR and national law and protects your rights such as: encryption of personal data, observance of security policies that ensure the integrity, availability and reliability of processing systems and services on an ongoing basis, as well as the ability to restore availability and access to personal data in a timely manner in the event of a physical or technical event, and we have security policies in place for regular testing, assessing and evaluating the effectiveness of technical and organizational measures to ensure processing safety.
We apply the principle of minimizing personal data in order to ensure compliance with legal requirements and the protection of data subject rights. In particular, these measures ensure that, by definition, personal data are not made accessible without the intervention of the natural person to an indefinite number of natural persons.
We also apply security procedures, technical and physical restrictions on access and use of personal data on our servers. Access to personal data is only authorized personnel responsible processing and the processors and only for the agreed purpose. These persons undertake to maintain the confidentiality of your personal data during and after the termination of this Agreement. To ensure the protection of your personal information against accidental or unauthorized destruction, accidental loss, tampering, prohibited dissemination or access and any other form of unfair treatment, we have selected persons with relevant qualifications who provide adequate guarantees in terms of technical knowledge and personal integrity. for confidentiality. However, be careful and keep in mind that there is no absolute security on the Internet.
7. DATA SUBJECT RIGHTS
As personal data subject, you have the following rights:
Right of access to the personal data concerning you, provided that they are being processed by the company, in its capacity as the controller, to the purposes of said processing, the categories of data and the recipients or categories of recipients (Article 15 GDPR).
Right to rectify inaccurate data and complete incomplete data (Article 16 GDPR).
Right to erase your personal data subject to the company’s obligations and legal rights to retain them, pursuant to the current applicable laws and regulations (Article 17 GDPR).
Right to restrict the processing of your personal data if either the accuracy of said data is contested or the processing is unlawful or the purpose of the processing was eliminated, and provided that there is no legitimate reason to retain them (Article 18 GDPR).
Right to the portability of your personal data to another controller, provided that the processing is based on your consent and is carried out by automated means. This right shall be exercised subject to the company’s legal rights and obligations to retain the data and to perform a task which is carried out in the public interest (Article 20 GDPR).
Right to object on grounds relating to your particular situation, in case your personal data is processed to perform a task carried out for reasons of public interest or in the exercise of official authority vested in the company or for the purpose of legitimate interests which are pursued by the company or any third party.
The personal data of minors shall be processed subject to the prior consent of their parents or the persons who have undertaken their parental responsibility, unless otherwise specified by law. For the purposes hereof, minors are persons who have not attained the age of 18 years.
9. WITHDRAWAL OF CONSENT
You have the right to revoke your consent at any time where this is required, without prejudice to the legality of the processing based on it until it is revoked. The withdrawal is made by written request submitted to our email address
As for the information automatically collected by browsing our site, please refrain from visiting it if you do not wish to collect and edit this information.
10. HOW TO EXERCISE YOUR RIGHTS AND SUBMIT A COMPLAINT
All requests regarding your personal data and the exercise of your rights shall be dispatched in writing to: firstname.lastname@example.org. In any case, you reserve the right to submit a complaint to the competent supervisory authority, if you consider that your personal data processing infringes the current applicable legislation. For more information please visit www.dpa.gr.
11. UPDATED PRIVACY STATEMENT
We might amend the Privacy Statement from time to time. Visitors to our website should be read periodically this Privacy Statement in order to be informed of any changes made while the “Dialysis Vacations” committed to make the necessary updates of visitors and users with any appropriate means, in accordance with the conditions set by (EU) General Data Protection Regulation 679/2016 and Law 4624/2019.