PRIVACY POLICY
1.- INTRODUCTION
ASTRIS LTD is strongly committed to protecting your privacy. Both personal and non-personal information collected is safeguarded according to high privacy and data protection standards.
This Privacy Policy is meant to inform you about ASTRIS LTD data processing due to its business activity (hardcopy and online), including personal data or personal information that ASTRIS LTD may collect during the visit of the website “https://www.astrismed.gr/”, in accordance with Regulation EU 2016/679 (hereinafter Regulation) and describes how ASTRIS LTD collects, uses and protects your personal data as well as your rights.
2.- Definitions
PERSONAL DATA means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number.
SPECIAL CATEGORIES OF PERSONAL DATA (sensitive data) means the data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health or data concerning a natural person’s sex life or sexual orientation.
DATA CONCERNING HEALTH means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
PROCESSING means collection, recording, organizing, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination.
CONTROLLER means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data.
PROCESSOR means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
RECIPIENT means the natural or legal person, public authority, agency or another body, to which the personal data are disclosed.
SUPERVISORY AUTHORITY means an independent public authority which is established by each Member State. In Greece is the Hellenic Data Protection Authority (HDPA).
CONSENT OF THE DATA SUBJECT means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3.- Principles relating to processing of personal data
According to the Regulation, every company shall collect the personal data lawfulness and fairness keep only the needed data keep data secure store data only for as long as necessary to fulfill the respective purpose for which they are collected and processed inform data subjects, when necessary use appropriate technical and organizational measures in order to ensure appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage and be able to demonstrate its compliance with Regulation.
4.- Policy purposes
This Policy has been compiled to better provide you with information concerning the collection and procession of personal data, such as the kind of personal data collected, for how long and for what purpose. Τhis policy applies to the visitors of our website “https://www.astrismed.gr/”, too.
- A) The legal basis for the processing
– the compliance of our company with a legal obligation, in particular legislation on medical devices and human tissues,
– the fulfillment of our contractual obligations,
– the proper operation of our company,
– the satisfaction of data subjects’ information and communication requests.
– the protection of our staff, facilities and equipment and
– the fulfillment of our contractual obligations towards third parties, such as product manufacturers.
- B) What Personal data we collect and how we process them
healthcare CARE professionals: Name, Surname, Social Security number, Specialization, Employer, Professional title/ Αcademic degree, contact address, E-mail, Telephone number / Mobile phone.
supplierS or EXTERNALS: Name & Surname or name of the company, contact address, Telephone number, VAT, FAX, E-mail, contact persons.
WEBSITE VISITORS: the technical necessary information for the connection to the website, for the installation of which the consent of the subject is not required (see COOKIES POLICY).
- C) Processing purpose
– Grant of Health Care Professionals participation.
– Information, promotion and commercial communication of our products and services.
– Information provided to Health Care Professionals for scientific events, conferences or seminars.
– Execution of an order or contract.
– Fulfillment of our legal obligations towards the Social Security Organizations, Private or Public Hospitals and Clinics.
– Our compliance with medical devices and human tissues legislation (eg adverse reactions).
– Compliance with manufacturer’s requirements.
– Fulfillment of our obligations in general.
– Fulfillment of our goals.
– Reply to Suppliers, Customers (including Patients) and Partners.
In all cases, personal data are submitted to our Company voluntarily by the subjects themselves or through their representatives.
– communication with our website visitors
- D) Period of time for which your data is stored
Your data will be only stored for as long as necessary to fulfill the respective purpose for which we collect them in accordance with the Regulation.
- E) How …ASTRIS……. processes your personal data
Furthermore, the processing of the data is done both on printed and electronic means and is recorded in the Company’s corporate system in accordance with applicable laws – including provisions on data security and confidentiality and in accordance with the principles of fairness and lawful processing.
- F) How …ASTRIS….. discloses your personal data
Your personal data are processed by authorized officials. ASTRIS… further may share your data with other partners, such as law firms, insurance companies, PCOs, Notified Bodies, or public service and information systems, banks and insurance funds, as part of our compliance with external and internal regulations or where otherwise required by law.
In the context of the Company’s business activity, personal data may be disclosed to suppliers or externals of the Company. However, in this case, legal or natural person will process such data only for the purpose of providing the services to the Company and not for their own benefit, acting as processors and having committed themselves with a Statement of Confidentiality.
Exceptionally, personal data may be disclosed to third parties (police and prosecuting authorities), only if there is a statutory obligation or by a judicial authority.
- G) Transfers of personal data to third countries or international organizations
ASTRIS LTD doesn’t transfer personal data to third countries or international organizations. In any case of transmission outside of the European Economic Area, ASTRIS LTD will obey the Regulation.
5.- Rights of the data subject
The data subject has the right to obtain from ASTRIS LTD confirmation as to whether or not his or her personal data are being processed by this company and have access to them.
The data subject may at any time contact the Company (telephone number: +302102020122 & e-mail: info@astismed.gr), to exercise the rights provided for in the General Data Protection Regulation (Articles 15-22), such as access to personal data (in order to know the purposes of the processing and the recipients of the data), the verification of the content, its origin, accuracy and location, the obtaining of a copy, updating or modification of the data, in the cases stipulated by the law, the request for definition of the data, the request for deletion of data etc. These rights are, in principle, exercised at no cost to the underlying.
In addition, if you (the data subject) have given explicit consent to the processing of your personal data for one or more specified purposes, you may withdraw your consent at any time by a simple revocation statement (contact phone number: +302102020122, e-mail: info@astrismed.gr, address: 351, Patission Av., 11144 Athens GR).
Finally, at any time you have the right to submit directly a complaint to the Hellenic Data Protection Authority (HDPA) (www.dpa.gr).