APPOINTMENT
EMERGENCY
CONTACT US
Medifirst Modern logo
Athinaiki General Clinic logo

Personal Data – Video filming - Cookies

Introduction
For ATHINAIKI GENERAL CLINIC SINGLE-MEMBER S.A. and its employees, the respect of privacy and protection of data confidentiality and security of its patients, patient escorts, visitors, partners and associates, as well as all natural persons dealing with the Clinic in any way, are top priority. We would like to assure you that the Clinic collects, processes, and stores your data according to the General Data Protection Regulation (EU) 679/2016 and Law 4,624/2019, as well as any other currently applicable law about data, the provision of secondary health care services, the Code of Medical Ethics and Conduct, and the Decisions of the Hellenic Data Protection Authority (HDPA). The Clinic takes all necessary measures to prevent incidents of theft, loss, and leaks of personal data. This information is available at our patient reception desks, as well as on the website of the Clinic.
DATA CONTROLLER: ΑΤΗΙΝΑΙΚΙ GENERAL CLINIC SINGLE-MEMBER S.A., in the context of provision of secondary health care services to you, will process your data in print and electronic form, and will be Data Controller, with its registered office in Athens, at no. 24 Dorylaiou St., P.C. 11521, S.A. Companies Reg. No. (ARMAE) 095173511, and falls within the jurisdiction of the Tax Office for Commercial S.A. Companies (FAEE) of Athens, and has been given General Commercial Registry (GEMI) no. 4343601000.

1. Which categories of Personal Data do we collect and process?

Upon your arrival at the Clinic, in the context of proper delivery of our services, we will create a personal record that will contain all necessary medical and non-medical information that is required, in order for us to be able to provide to you a high level of personalized health services, and therefore, you are required to provide to us information about you, such as:

  • Your Identification data, such as name, surname, date of birth, passport/ID card number, SSN, and TIN.
  • Contact Data that we collect during your reception at the Clinic, and during any other stage of your stay, such as email/correspondence address, and mobile phone/landline/fax number.
  • Payment Data, such as bank account, debit/credit card, and other bankcard numbers.
  • Insurance Data, such as your insurance organization (National Organization for the Provision of Health Services-E.O.P.Y.Y. or Private Insurance provider), in order for the Patient Accounting Department to know how to bill the services that we will provide to you and advise you on the relevant cost as a result of billing our services to you.
  • Special category personal data/formerly known as “sensitive data, such as information necessary for your personal medical record that refer to your physical or mental health (SSN/EOPYY), fitness level, pathological/clinical symptoms, medical tests/examinations, personal/family medical history, medication, past hospitalizations, etc., nationality information, etc, and, where required for diagnosis or treatment, data concerning sexual life or religious beliefs.
  • Settlement Data such as data necessary for managing the financial claims of the Clinic, and forms/documents that are associated with it.
  • Browser Data; if you visit our website, information may be recorded that are associated with your visit (e.g. IP address). Furthermore, while using our website, cookies may be stored in the device that you use. For more information about cookies, please read our relevant notice on our website.
  • Data that we collect while using and filing a complaint form, which are filed anonymously, such as surname (only if stated by the complainant himself or herself, since it is not required), and telephone number.
  • Information we collect when you contact our call centre, including your full name and telephone number;
  • Data we collect from the submission of the contact form (full name and phone number).
  • Data that we collect from candidates who are interested in working in our Clinic (surname, telephone number, CV information).
  • Data that we collect from completing a Satisfaction Questionnaire (name, degree of personal satisfaction, service evaluation)
  • Finally, we collect image data during your entry into the building and premises of our Clinic through the operation of closed circuit television (CCTV) cameras, about the operation of which, you are informed as soon as you enter our premises, fully adhering to all provisions that apply under current legislation.
We treat all information in confidence as classified and make every effort to collect only absolutely necessary information in accordance with medical standards, and it is not processed for purposes other than those described herein.

2. From which sources do we collect Personal Data?

From you: when you enter the reception points of the Clinic to make use of our medical services, the staff of the Clinic will ensure that the necessary details are collected from patients, who will fill in the special patient information form. If the patient is unable to do so, the information will be obtained from the patient’s companion or relative.
From you: through disclosure and completion of questionnaires that will be included in your medical record, from medical examinations you provide us, medical procedures, information arising from any codes assigned for the purpose of providing healthcare services, medical opinions from doctors, hospitalisation history, X-rays and medical imaging and generally any kind of medical information concerning your past or current physical health.
Special categories of personal data, primarily health data, may specifically be collected by the Clinic through contracted health service providers (such as hospitals, private clinics, diagnostic centres, doctors, etc.).
If you are a client of an insurance company with which our Clinic has a cooperation agreement, we will receive your data from the insurance company when you come for medical examinations or hospitalization, in order to cover the medical expenses according to the terms of our agreement with the insurance company.
From visitors/users of our website; only if they provide them voluntarily, in order to process the filed electronic applications.

3. What purposes do we process your Data for?

The Clinic provides secondary healthcare services, which include diagnosis, treatment, and medical consultations. Within this context, your data is subject to automated and non-automated processing for the following purposes:

  • Personal data and special category personal data are collected and processed by the staff of the Clinic for the purpose of provision of secondary health care services to you according to the national legislation. Therefore, the legal basis for this processing is to Provide Health services according to General Regulation 679/2016 and Law 4,624/2019. 4624/2019.
  • Both general personal data and special categories of data are collected and processed by authorized Clinic personnel for the purpose of covering your hospitalization costs either by the social insurance provider, pursuant to applicable social security legislation, or by your private insurance company, according to the terms and conditions of your insurance policy. In this case, the legal basis for the data transfer is your explicit consent. Specifically, by providing your consent, you authorize the Clinic to transmit your personal data on your behalf to your social insurance provider (e.g., EOPYY) or private insurance company, in order to request coverage of your medical expenses. This consent is provided for your convenience and in order to avoid having to cover the full cost of your medical care. The provision of consent is voluntary. If you do not wish for your medical record data to be transferred by the Clinic for this purpose, you will be required to pay the full amount of the medical expenses to the Clinic and may subsequently seek reimbursement from your insurance provider according to the terms of your policy, by submitting the necessary documentation.
  • Both general personal data and special categories of data collected and processed by the Clinic’s staff for the provision of secondary healthcare services may also be processed to safeguard the legitimate interests of the Clinic, such as establishing, exercising, defending, or supporting legal claims. The legal basis for this processing is the legitimate interest of the Clinic.
  • If you are a client of a private insurance company with which our Clinic has a cooperation agreement, both general and special category data are collected and processed by authorized personnel for the purpose of covering the costs of your secondary healthcare services by your private insurance company, in accordance with the terms of the agreement between the Clinic and the insurance provider.
  • Your general personal data submitted through cooperation/employment applications is processed with your consent and for fulfilling contractual and legal obligations of the Clinic arising from labor and social security law.
  • Your general personal data collected through the optional completion of the Patient/Visitor Satisfaction Questionnaire is processed for quality control of the services we provide, with the aim of assessing client satisfaction levels and continuously improving our services and procedures. The legal basis for this processing is the legitimate interest of the Clinic to meet the needs and expectations of our patients and to improve our services.

4. Where do we send your personal data?

  • Your data will be transmitted to our departments, and members of our nursing, medical, and administrative staff who are responsible for the provision of personalized services to you. For example, the Medical and Nursing Services, Admissions Office, Patient Accounting Department, Legal Department, etc.
  • Your data, both general and special categories of personal data, will be transmitted to and become accessible by legal entities with which we maintain contracts from time to time, for the purpose of your insurance coverage (e.g., insurance companies, insurance funds, social security institutions, etc.). In such cases, these legal entities will process your personal data (including general and/or special categories of data) that we provide to them, having obtained your prior consent, in order to reimburse the healthcare service we provide to you and to relieve you from the burden of the total cost of medical expenses.
  • Your basic data may be transmitted and processed by our parent company, Achmea BV, which has its registered offices established in the Netherlands, in the Netherlands, as well as other affiliated companies of the Achmea Group within the European Union for purposes of transparency and control of compliance with the group’s corporate policies. In this case, special categories of data will not be transmitted unless there is a legal obligation to do so.
  • In each transfer, we shall always take every measure, in order for the data that will be forwarded to always be the minimum necessary, and ensure that the conditions will be always met for their legal and statutory processing.
  • Moreover, as it provided for in legislation, the Clinic may disclose your data to Public Services, Insurance Funds, Judicial, public, and independent Authorities, lawyers, monitoring Authorities, such as, for example, Police Departments, the Road Traffic Police, Public Prosecution Authorities, independent auditing firms upon lawful request, and Services of the Ministry of Health, provided that this is absolutely necessary, in order to protect the legal rights or fulfill the legal obligations of the Clinic.
Finally, in the context of provision of its medical services to you, the Clinic may transmit your data, personal data and special categories data, to its third-party partners, and Outpatient Diagnostic Centers, to carry out personalized medical tests that cannot be carried out in the Clinic, such as the Hellenic Pasteur Institute, MEDISYN, Euroclinic, Bioiatriki, Agios Savvas, Sotiria, Tzartos, Paterakis, Laiko Blood Donation, Microanalysis, Locus Medicus, ISTOMEDICA, GK Pathology – Grigoriadis, Istodomi – Papamichail, Kapralou Amalia, Agapitos Emmanouil, the Hellenic National School of Public Health, the National Public Health Organization (EODY), the Health Directorate of the Region of Attica, partnering physicians who provide independent services to the Clinic, partnering Suppliers for the maintenance of medical equipment, software and application providers, and print material storage and filing companies.
Regarding the surveys that our Clinic may conduct to investigate the level of satisfaction of its customers/patients, the questionnaires may be sent to your email, through third-party companies that collaborate with our Clinic from time to time (such as Private Review). In this case, you should be aware that completing the questionnaires is optional and that we will only transmit to the third-party company the minimum necessary data (email, date of visit). In this case, the entity and/its personnel who will process them, will act as processors, exclusively for the purpose of providing services to us, with all contractual commitments provided by law for the protection of personal data.

5. For how long do you keep my data on file?

  • We will keep your data for as long as it is provided for in national legislation, both in paper and electronic form, and more specifically, under Law 3,418/2005, (GGI Α 287/28.11.2005) , we are obliged to keep your data for at least 20 years from each admission or visit.
  • Moreover, we will keep your data for any additional time that may be required, until the time comes to write off any relevant legal claims of the Clinic.
  • We will keep your data that we collect from application forms for recruitment/cooperation with our Clinic, for a period of three (3) years.
  • Data from closed circuit television (CCTV) cameras will be kept for 15 days. In case of an incident affecting our Clinic, its staff, or third-party visitors, the images, in which, the specific incident has been captured, may be kept in a separate record for a longer period, under applicable legislation.

6. What rights do I have in relation to the processing of my data?

Your rights are set out in the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), Law 4,624/2019, and more specifically, you may exercise the following rights, as appropriate:
(1) right to access, in order for you to know what data of yours we process, for what purpose, and their recipients, and also get copies of the data that are kept in our Clinic.
(2) the right to rectification: to request correction of any omissions or inaccuracies in your data.
(3) right to erasure, in order to request the erasure of personal data that refer to you, if you no longer wish these data to be subjected to processing, and if there are no legal grounds for our Clinic to keep and process them as a Data Controller. When can we refuse requests for erasure? You should become aware that the right to erasure is not an absolute right, and cannot be honored, when your information is subjected to processing on specific legal grounds, as those described above, including the exercise or defense of legal claims by the Clinic. Do we have to notify other recipients of your personal data, of your request for erasure? If your right to erasure is honored, after we have provided the personal data that you wish to be erased to third parties, we will take action to notify them of your request for erasure, in order for them, in turn, to erase the personal data in question, although this may not be always possible, or may involve a disproportionate effort from our Clinic.
(4) right to restrict processing, in order to restrict the processing of your Personal Data, if you dispute the accuracy of information, and until the accuracy of information is confirmed, or if the processing is no longer required by the Clinic, but you need them, in order to raise, exercise, or defend a legal claim. When can we refuse requests for restriction of processing? You should become aware that this right of yours, as well, is not an absolute right, and cannot be honored, when your information is subjected to processing on specific legal grounds, as those described above, including the exercise or defense of legal claims by the Clinic. Do we have to notify other recipients of your personal data, of the restriction? In case we have shared your Personal Data with third parties, we will take action, if this is possible, to notify them of the restriction of processing of your information, in order for them to stop processing it.
(5) the right to portability: this right enables you to receive and transfer your data in a structured and commonly used format.
  • If you have any question about the processing of your Personal Data, or you wish to exercise any right of yours from those provided for in the General Regulation (EU) 679/2016, or file a complaint regarding your Personal Data, you may contact the Data Protection Officer of the Clinic, by completing the corresponding “Exercise of Rights Form E.DD.02” of the Clinic which is available on the site and at the Clinic reception entrance or by sending a letter to the following address: 124-126 Andrea Syngrou Avenue, Athens, or through an e-mail message to the following e-mail address dpo@interamerican.gr.
  • Please clearly state in your request, the right that you exercise regarding the personal data that you request. If your request is not clear, we may request from you further personal data, for purposes of clarification. In order for us to be able to answer each request of yours, we may request ID data of yours, such as proof of ID, passport, and enough additional personal data of yours, in order for us to be able to safely find the personal data that you request. After you exercise any of these rights of yours, we will take every possible action to answer your request within thirty (30) days from its receipt, and we will notify you of either honoring it or the objective grounds that prevent us from honoring it or the justified time extension of its answer.
  • If you are not satisfied with the response to your request regarding your personal data, you always have the right to contact the Hellenic Data Protection Authority, which accepts the submission of complaints either by calling the Call Center at +30-210 6475600, by submitting your request in writing to its registry (1-3 Kifisias Avenue, GR-115 23, Athens), or by sending it electronically through the Authority’s website at www.dpa.gr.

7. How do you ensure the security of my data?

The security of your data is our highest priority and an absolute commitment. To achieve this, we implement a comprehensive set of strict physical and electronic security measures. Regarding physical security, we ensure the presence of trained security personnel on our premises to prevent unauthorized access. In addition, a closed-circuit television (CCTV) system has been installed to monitor all critical areas, such as data server rooms, file storage areas, and restricted-access zones. At the electronic security level, we enforce a Resource Usage Policy, a Security Policy, and supporting procedures that clearly define the rules for the use of information systems and data management. We utilize advanced technological measures including firewall systems that filter and control incoming and outgoing network traffic to block malicious attacks; antivirus and antimalware software that detects, prevents, and neutralizes viruses, ransomware, and other digital threats; Data Loss Prevention (DLP) systems that monitor and control the movement of data, ensuring that sensitive information is not transferred or disclosed without authorization; two-factor authentication (2FA) that strengthens access to systems by requiring additional proof of identity beyond a password; and data encryption, applied as appropriate, both for data in transit and data at rest, ensuring that information remains unreadable to unauthorized parties. Access control mechanisms are also in place based on role-based access control (RBAC), ensuring that staff have access only to the information necessary to perform their duties. In addition to these safeguards, we regularly perform security checks and tests, including vulnerability assessments, penetration testing, and compliance audits against international security standards. We also provide continuous training and awareness programs to our employees on cybersecurity matters, strengthening the human layer of defense against threats. At the electronic security level, we enforce a Resource Usage Policy, a Security Policy, and supporting procedures that clearly define the rules for the use of information systems and data management. We utilize advanced technological measures including firewall systems that filter and control incoming and outgoing network traffic to block malicious attacks; antivirus and antimalware software that detects, prevents, and neutralizes viruses, ransomware, and other digital threats; Data Loss Prevention (DLP) systems that monitor and control the movement of data, ensuring that sensitive information is not transferred or disclosed without authorization; two-factor authentication (2FA) that strengthens access to systems by requiring additional proof of identity beyond a password; and data encryption, applied as appropriate, both for data in transit and data at rest, ensuring that information remains unreadable to unauthorized parties. Access control mechanisms are also in place based on role-based access control (RBAC), ensuring that staff have access only to the information necessary to perform their duties. In addition to these safeguards, we regularly perform security checks and tests, including vulnerability assessments, penetration testing, and compliance audits against international security standards. We also provide continuous training and awareness programs to our employees on cybersecurity matters, strengthening the human layer of defense against threats.

*This Data Processing Information Sheet was updated in July 2025. We reserve the right to amend or update this Information Sheet at any time. We will notify you of any changes, by publishing a new Information Sheet and posting it on the website of our Clinic, and notifying you in any appropriate way, as soon as possible, including through email messages. We encourage you to consult regularly this Information Sheet for any changes.
Personal Data – Video Filming

You can click here to learn about the processing of personal data from video surveillance systems.

Introduction
A key priority for the ALIMOS MODERN PRIVATE CLINIC (MEDICAL SINGLE-MEMBER) SA, trading as MEDIFIRST ALIMOS, MEDIFIRST MAROUSI and MEDIFIRST PERISTERI and their employees, is respect for privacy and protection of the confidentiality and security of the personal data of visitors, patients, patient companions, our external associates and all natural persons who interact in any way with the clinic. We would like to assure you that the clinic collects, processes and stores your personal data in accordance with the General Data Protection Regulation (EU) 679/2016 and Law 4624/2019, as well as any other applicable legislation pertaining to personal data protection, the provision of primary health care services, the Code of Medical Ethics and Deontology, and the decisions of the Hellenic Data Protection Authority. The clinic takes every necessary measure to prevent theft, loss or leaks of personal data. This notice is available at our visitor reception points as well as on the online website of the clinic.

ALIMOS MODERN PRIVATE CLINIC (MEDICAL SINGLE-MEMBER) SA trading as MEDIFIRST ALIMOS, MEDIFIRST MAROUSI and MEDIFIRST PERISTERI has its registered offices in Argyroupoli Attica, at 1 Geroulano Street and Polemiston Street, holder of Tax ID No 999862640 registered with the Piraeus Tax Office for Commercial Companies, and holder of General Commercial Register (G.E.MI.) No 51046/01N/B/B/02/33 (hereinafter referred to as ‘the Clinic’). Within the framework of the provision of primary health care services to you, the Clinic will process
your personal data in printed and electronic form and will act in the capacity of data controller in accordance with the legislation, having (as indicated above) its registered offices in Argyroupoli Attica, at 1 Geroulano Street and Polemiston Street, holder of Tax ID No 999862640 registered with the Piraeus Tax Office for Commercial Companies,
and holder of General Commercial Register (G.E.MI.) No 51046/01N/B/B/02/33.

1. Which categories of personal data do we collect and process?

When you arrive at the respective reception point, within the framework of proper provision of our services, we will create a personal file that will
include all necessary medical and other information required to provide you with high-level personalised
healthcare services. In order to do this, it is necessary for you to disclose certain information about yourself to us. This information will indicatively include the following:

  • Identity data, e.g. first name, last name, date of birth, police ID/passport number, social security number (AMKA), Tax ID number;
  • Contact information, which we collect at the reception stage, including e-mail address/
    postal address, telephone numbers (mobile/landline/fax);
  • Payment information such as bank account details, debit/credit cards or other bank cards;
  • Insurance information, details of your public insurance institution and/or private insurance company and your social security registration number (AMKA),
    so that the Accounts Office knows how to bill our services and can provide you with the necessary information regarding the cost of services;
  • Special categories of personal data /prior sensitive information, such as your social security number (AMKA), physical condition, pathological/clinical symptoms, medical examinations, personal and/or family medical history, medication, past hospitalisation, details of nationality and as appropriate, if strictly necessary for diagnosis or treatment purposes, information relating to your sexual life or your religious beliefs;
  • Bill settlement information, such as data necessary to manage the financial requirements of the Clinic and related or supporting documents;
  • Data we collect when you use and submit a complaint form, such as full name and telephone number; the
    complaint form is in principle submitted anonymously, and personal details only need to be given if the complainant themselves wishes to do so in order to receive specific information from the Clinic;
  • Information we collect when you contact our call centre, including your full name and telephone number;
  • Information we collect from contact forms submitted online (full name and telephone number);
  • Data we collect via completion of a customer satisfaction questionnaire (full name);
  • Lastly, image data is collected when you enter the building and on our premises by the CCTV system that we have in operation, which in compliance with applicable legislative provisions, you are promptly informed about when you enter our premises.
We treat all information in confidence as classified and make every effort to collect only absolutely necessary information in accordance with medical standards, and it is not processed for purposes other than those described herein.

2. Where do we collect personal data from?

From you: when you enter our reception points to take advantage of our medical services, our staff will ensure that necessary details are collected through completion of the special patient information form. If the patient is unable to do so, the information will be obtained from the patient’s companion or relative.
From you: through disclosure and completion of questionnaires that will be included in your medical record, from medical examinations you provide us, medical procedures, information arising from any codes assigned for the purpose of providing healthcare services, medical opinions from doctors, hospitalisation history, X-rays and medical imaging, and generally any kind of medical information concerning your past or current physical health.
Special categories of personal data, primarily health data, may specifically be collected by the Clinic through contracted health service providers (such as hospitals, private clinics, diagnostic centres, doctors, etc.).
From visitors/users of our website, exclusively and only when they themselves voluntarily supply information so that we can process electronic requests.

3. Why do we process your personal data?

The Clinic provides primary health care services, which do not require admission to a hospital care facility and which include diagnosis, monitoring, treatment and medical visits. In this context, your data is subjected to automated and manual processing for the following purposes:
  • Both basic and special categories of data are collected and processed/submitted to processing by our staff for the purpose of providing you with primary healthcare services. In consequence, the legal basis for processing is deemed to be the provision of health services in accordance with the General Data Protection Regulation (GDPR) 679/2016 and Law 4624/2019. 4624/2019
  • Both basic data and special categories of data are collected and processed and/or submitted for processing by the Clinic’s duly authorised staff and are used to ensure coverage of the costs of your primary healthcare treatment by your private insurance company in accordance with the respective contractual terms of your insurance policy, after you have given your express prior consent to the transfer of your data. In this case, the legal basis for the processing of your data is your express consent. More specifically, by giving your consent, you authorise the Clinic to transfer your information on your behalf so that payment of the contractual contribution to your medical expenses can be claimed from the private insurance company with which you are insured. This consent is obtained for your own convenience, to ensure that you are not burdened with the full cost of your medical expenses. Consent is granted freely. If you do not wish your medical file information to be forwarded by the Clinic for this purpose, we wish to inform you that you will be liable for payment of the full cost of your medical expenses to the Clinic, and that you may accordingly then claim compensation from your private insurance company, in accordance with the terms of your insurance contract, by submitting the necessary information from the respective entity.
  • Both basic data and special categories of data collected and processed by the Clinic’s personnel for the purpose of providing primary healthcare services are also processed for the purposes of defending the Clinic’s legitimate interests, including the establishment, exercise, defense and support of any form of lawful claim. Consequently, the legal basis for processing in this case is the legitimate interest of the Clinic.
  • We process your basic data, collected during optional completion of the Patient/Guest Satisfaction Questionnaire, to determine the quality of our services and to investigate the level of satisfaction of our clients.

4. Where do we send your personal data?

  • Your data will be forwarded to nursing, medical and administrative staff in our departments, who are responsible for the provision of our personalised services to you. Indicatively, these departments include the Patient Coordination Office, the Patient Accounts Office, Legal Services etc.
  • Your personal data, both basic and special category, will, with your consent, be transmitted to and made accessible to legal entities with which we enter into contracts from time to time, with regard to your insurance coverage (i.e. insurance companies etc.). In this case, these legal entities will process your data (basic and/or special categories of personal data) which we will send them in order to make their contribution to the cost of healthcare services we are providing to you, within the framework of the insurance contract that you have entered into with them.
  • Your basic data may be transmitted and processed by our parent company, Achmea BV, which has its registered offices established in the Netherlands, in the Netherlands, as well as other affiliated companies of the Achmea Group within the European Union for purposes of transparency and control of compliance with the group’s corporate policies. In this case, special categories of data will not be transmitted unless there is a legal obligation to do so.
  • In each transfer, we shall always take every measure, in order for the data that will be forwarded to always be the minimum necessary, and ensure that the conditions will be always met for their legal and statutory processing.
  • As provided for by law, the Clinic may disclose your data to public services, insurance funds, judicial, public and independent authorities, to lawyers, supervisory authorities, for example, police departments, traffic police, prosecutorial authorities, independent audit firms subject to a legitimate request on their part, to departments of the Ministry of Health, if this is strictly necessary for the defense of legal rights or the fulfillment of legal obligations of the Clinic.
  • Lastly, in the context of providing of medical services to you, the Clinic may transfer your basic and special categories of personal data to its third-party associates, external diagnostic centres or to pathology laboratories for the conduct of specialised medical examinations not carried out in the Clinic, such as the Pasteur Institute, MICROANALYSIS, MEDISYN, SIANOS (CYTOLAB), the School of Public Health, to collaborators of doctors who provide independent services to the School of Public Health, the National Public Health Organisation (EODY), Attica Region’s Department of Health, as well as to suppliers of special medical materials, to collaborating doctors who provide independent services to the Clinic, to contracted medical equipment maintenance service providers, to companies providing software and applications, to printed materials storage and archiving companies.

5. How long do you keep my data on file?

  • We will retain your data for as long as provided for by national legislation in both paper and electronic format and specifically in accordance with Law 3418/2005, (Government Gazette, Series I, No 287/28.11.2005), we are obliged to keep your data for a period of 10 years from the date of any visit.
  • We will also retain your data for as long as necessary until the expiry of the period of limitations pertaining to any relevant legal claims of the Clinic.
  • Closed circuit television (CCTV) security recording data will be retained for 15 days. In the case of incidents causing harm to the Clinic, its staff, or third-party visitors, the images recorded from the specific event may be retained in a separate file for a longer period of time, in accordance with applicable legislation.

6. What rights do I have in relation to the processing of my data?

You have the rights set out in the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and Law 4624/2019, and you may specifically exercise, as appropriate, the following rights:
(1) the right of access: to find out what data we process about you, for what reason, and who the recipients of this data are, as well as to receive copies of the data that is held at our clinic;
(2) the right to rectification: to request correction of any omissions or inaccuracies in your data.
(3) the right to erasure: to request the deletion of personal data concerning you, if you no longer wish for these data to be processed and if there is no legitimate reason for our clinic as data controller to retain and process them. When can we refuse requests for erasure? You should be aware that the right to erasure is not an absolute right, it cannot be satisfied if your information is being processed for certain legitimate reasons such as those described above, including the exercise or defense of the Clinic’s legal claims. Are we obliged to inform other recipients of your personal data about your request for erasure? In the event that your right to erasure has been satisfied, and we have provided your personal data to third parties, we will take measures to inform them of your request for erasure so that they, in turn, can delete the personal data in question. However, this may not always be feasible, or it may involve disproportionate effort on the part of our clinic.
(4) the right to restrict processing: you may ask to have the processing of your personal data restricted if you wish to contest the accuracy of the data and until its accuracy is verified, or if processing of the data by the Clinic is no longer necessary, but you require it to raise, exercise or defend legal claims. When can we refuse requests for restriction of processing? You should be aware that this right too is not an absolute right, it cannot be satisfied if your information is being processed for certain legal reasons such as those described above, including the exercise or defense of the Clinic’s legal claims. Are we required to inform other data recipients regarding the restrictions? If we have shared your personal data with third parties, we will take steps wherever feasible to inform the recipients regarding the restriction of processing of your personal information so that they do not continue to process it.
(5) the right to portability: this right enables you to receive and transfer your data in a structured and commonly used format.
  • If you have questions regarding the processing of your personal data, if you wish to exercise any of your rights under the General Regulation (EU) 679/2016, or you wish to submit a complaint regarding your personal data, you may contact the Clinic’s data protection officer, by filling in the Clinic’s ‘Exercise of Rights Form’, or by sending a letter by post to the address: 124-126 Syggrou Avenue, Athens, or by sending an email to
    dpo@interamerican.gr.
  • When making your request, please be clear about which right you wish to exercise in relation to your personal data. If your request is not specific, we may have to ask you for further personal information for the purposes of clarification. In order to be able to resolve any request you may make, we may ask you for further proof of identity, such as identity card or passport details and other additional personal data so that we can securely identify the personal data in question. If you exercise any of these rights, we will take all reasonable measures to respond to your application within thirty (30) days of receipt, and we will duly inform you either of the satisfactory resolution of your issue, or of the objective reasons preventing its satisfaction, or of the reasons requiring an extension of the response time.
  • If you are not satisfied with the response to your application regarding your personal data, you nevertheless in any case retain the right to contact the Personal Data Protection Authority, which also accepts the submission of relevant complaints, either by contacting the call centre on +30 210 6475600, or by submitting your request in writing to its offices (1-3 Kifisias Avenue, Postcode 115 23, Athens) or lastly, by sending an email to: contact@dpa.gr

7. How do you ensure the security of my data?

The security of your data is an absolute commitment for us. To accomplish this, we apply all of the latest appropriate technical and organisational measures for processing purposes. We confirm compliance with these measures via regular periodic checks, in order to:
Protect your personal data from unauthorised access and improper use;
Secure our IT systems and safeguard information;
Ensure that we can restore your data in cases where your data is otherwise damaged or lost.
Indicative measures to support both physical and electronic security of the data processed in our clinic include the security physical presence in our building, the installation of a closed circuit monitoring system for critical areas, the implementation of resource fair use and security policies as well as support procedures, the installation of firewalls, antivirus and antimalware software, the implementation of data loss prevention (DLP) systems, the use of two-factor authentication (2FA), encryption as necessary, and others.
*This personal data processing notice was updated in July 2022. We reserve the right to modify or update this notice at any time. We will notify you of any changes by publishing the updated notice and posting it on the Clinic’s website and informing you of this by any appropriate means, at the earliest opportunity, including by email. We also encourage you to consult this notice regularly to review any changes that may have been made.
Personal Data – Video Filming

You can click here to learn about the processing of personal data from video surveillance systems.

What are cookies?
They are small text files sent to the browser you use and stored on your computer, mobile phone or other electronic device, while you are using our website. Cookies help us track performance and traffic to our website, helping us to improve its presentation and content according to the preferences of our visitors.
ATHINAIKI GENERAL CLINIC SINGLE MEMBER SA
Introduction

For ATHINAIKI GENERAL CLINIC SINGLE-MEMBER S.A. and its employees, the respect of privacy and protection of data confidentiality and security of its patients, patient escorts, visitors, partners and associates, as well as all natural persons dealing with the Clinic in any way, are top priority. We would like to assure you that the Clinic collects, processes, and stores your data according to the General Data Protection Regulation (EU) 679/2016 and Law 4,624/2019, as well as any other currently applicable law about data, the provision of secondary health care services, the Code of Medical Ethics and Conduct, and the Decisions of the Hellenic Data Protection Authority (HDPA). The Clinic takes all necessary measures to prevent incidents of theft, loss, and leaks of personal data. This information is available at our patient reception desks, as well as on the website of the Clinic.

DATA CONTROLLER: ΑΤΗΙΝΑΙΚΙ GENERAL CLINIC SINGLE-MEMBER S.A., in the context of provision of secondary health care services to you, will process your data in print and electronic form, and will be Data Controller, with its registered office in Athens, at no. 24 Dorylaiou St., P.C. 11521, S.A. Companies Reg. No. (ARMAE) 095173511, and falls within the jurisdiction of the Tax Office for Commercial S.A. Companies (FAEE) of Athens, and has been given General Commercial Registry (GEMI) no. 4343601000.

1. Which categories of Personal Data do we collect and process?

Upon your arrival at the Clinic, in the context of proper delivery of our services, we will create a personal record that will contain all necessary medical and non-medical information that is required, in order for us to be able to provide to you a high level of personalized health services, and therefore, you are required to provide to us information about you, such as:
  • Your Identification data, such as name, surname, date of birth, passport/ID card number, SSN, and TIN.
  • Contact Data that we collect during your reception at the Clinic, and during any other stage of your stay, such as email/correspondence address, and mobile phone/landline/fax number.
  • Payment Data, such as bank account, debit/credit card, and other bankcard numbers.
  • Insurance Data, such as your insurance organization (National Organization for the Provision of Health Services-E.O.P.Y.Y. or Private Insurance provider), in order for the Patient Accounting Department to know how to bill the services that we will provide to you and advise you on the relevant cost as a result of billing our services to you.
  • Special category personal data/formerly known as “sensitive data, such as information necessary for your personal medical record that refer to your physical or mental health (SSN/EOPYY), fitness level, pathological/clinical symptoms, medical tests/examinations, personal/family medical history, medication, past hospitalizations, etc., nationality information, etc, and, where required for diagnosis or treatment, data concerning sexual life or religious beliefs.
  • Settlement Data such as data necessary for managing the financial claims of the Clinic, and forms/documents that are associated with it.
  • Browser Data; if you visit our website, information may be recorded that are associated with your visit (e.g. IP address). Furthermore, while using our website, cookies may be stored in the device that you use. For more information about cookies, please read our relevant notice on our website.
  • Data that we collect while using and filing a complaint form, which are filed anonymously, such as surname (only if stated by the complainant himself or herself, since it is not required), and telephone number.
  • Information we collect when you contact our call centre, including your full name and telephone number;
  • Data we collect from the submission of the contact form (full name and phone number).
  • Data that we collect from candidates who are interested in working in our Clinic (surname, telephone number, CV information).
  • Data that we collect from completing a Satisfaction Questionnaire (name, degree of personal satisfaction, service evaluation)
  • Finally, we collect image data during your entry into the building and premises of our Clinic through the operation of closed circuit television (CCTV) cameras, about the operation of which, you are informed as soon as you enter our premises, fully adhering to all provisions that apply under current legislation.
We treat all information with confidentiality, as private, and do our best to collect only information that is necessary according to medical standards, and we shall not process it for purposes other than those described in this information sheet.

2. From which sources do we collect Personal Data?

From you; as soon as you reach the reception desks of the Clinic, in order to provide our medical services to you, the staff of our Clinic makes sure to collect all necessary information by completing a special form with the personal details of the patient, and in case of the patient’s incapacity, these data are collected from the patient’s escort or relative.
From you; through the declaration and completion of question forms that will be included in your personal medical record, and from medical tests/examinations that you present to us, medical acts, information derived from any signs and symbols that are attached for health service provision purposes, medical reports, history of other hospitalizations of yours, X-rays, and medical imaging, and any type of medical information, in general, that refers to your past or present physical health.
Regarding the special category personal data, in specific, that are mostly health data, in addition to those that are disclosed by you, the Clinic can collect them through contractual health service providers (e.g. hospitals, private clinics, diagnostic centers, physicians, etc.).
If you are a client of an insurance company with which our Clinic has a cooperation agreement, we will receive your data from the insurance company when you come for medical examinations or hospitalization, in order to cover the medical expenses according to the terms of our agreement with the insurance company.
From visitors/users of our website; only if they provide them voluntarily, in order to process the filed electronic applications.

3. What purposes do we process your Data for?

The Clinic provides secondary healthcare services, which include diagnosis, treatment, and medical consultations. Within this context, your data is subject to automated and non-automated processing for the following purposes:

  • Both general personal data and special categories of data are collected and processed by the Clinic’s staff for the purpose of providing secondary healthcare services to you. Accordingly, the legal basis for this processing is the provision of healthcare services, in accordance with Regulation (EU) 2016/679 (GDPR) and Law 4624/2019. 4624/2019.
  • Both general personal data and special categories of data are collected and processed by authorized Clinic personnel for the purpose of covering your hospitalization costs either by the social insurance provider, pursuant to applicable social security legislation, or by your private insurance company, according to the terms and conditions of your insurance policy. In this case, the legal basis for the data transfer is your explicit consent. Specifically, by providing your consent, you authorize the Clinic to transmit your personal data on your behalf to your social insurance provider (e.g., EOPYY) or private insurance company, in order to request coverage of your medical expenses. This consent is provided for your convenience and in order to avoid having to cover the full cost of your medical care. The provision of consent is voluntary. If you do not wish for your medical record data to be transferred by the Clinic for this purpose, you will be required to pay the full amount of the medical expenses to the Clinic and may subsequently seek reimbursement from your insurance provider according to the terms of your policy, by submitting the necessary documentation.
  • Both general personal data and special categories of data collected and processed by the Clinic’s staff for the provision of secondary healthcare services may also be processed to safeguard the legitimate interests of the Clinic, such as establishing, exercising, defending, or supporting legal claims. The legal basis for this processing is the legitimate interest of the Clinic.
  • If you are a client of a private insurance company with which our Clinic has a cooperation agreement, both general and special category data are collected and processed by authorized personnel for the purpose of covering the costs of your secondary healthcare services by your private insurance company, in accordance with the terms of the agreement between the Clinic and the insurance provider.
  • Your general personal data submitted through cooperation/employment applications is processed with your consent and for fulfilling contractual and legal obligations of the Clinic arising from labor and social security law.
  • Your general personal data collected through the optional completion of the Patient/Visitor Satisfaction Questionnaire is processed for quality control of the services we provide, with the aim of assessing client satisfaction levels and continuously improving our services and procedures. The legal basis for this processing is the legitimate interest of the Clinic to meet the needs and expectations of our patients and to improve our services.

4. Where do we transmit your Personal Data (Receivers)?

  • Your data will be transmitted to our departments, and members of our nursing, medical, and administrative staff who are responsible for the provision of personalized services to you. For example, the Medical and Nursing Services, Admissions Office, Patient Accounting Department, Legal Department, etc.
  • Your data, both general and special categories of personal data, will be transmitted to and become accessible by legal entities with which we maintain contracts from time to time, for the purpose of your insurance coverage (e.g., insurance companies, insurance funds, social security institutions, etc.). In such cases, these legal entities will process your personal data (including general and/or special categories of data) that we provide to them, having obtained your prior consent, in order to reimburse the healthcare service we provide to you and to relieve you from the burden of the total cost of medical expenses.
  • Your Personal Data may be transmitted to and processed by our parent company, “Achmea B.V.”, which is based in the Netherlands, as well as other affiliated companies of the same Achmea Group, within the European Union. In this case, no special category personal data will be forwarded, unless there is legal obligation to do so, for purposes of transparency and compliance oversight with Group policies. In this case, no special category personal data will be forwarded, unless there is legal obligation to do so.
  • In each transfer, we shall always take every measure, in order for the data that will be forwarded to always be the minimum necessary, and ensure that the conditions will be always met for their legal and statutory processing.
  • Moreover, as it provided for in legislation, the Clinic may disclose your data to Public Services, Insurance Funds, Judicial, public, and independent Authorities, lawyers, monitoring Authorities, such as, for example, Police Departments, the Road Traffic Police, Public Prosecution Authorities, independent auditing firms upon lawful request, and Services of the Ministry of Health, provided that this is absolutely necessary, in order to protect the legal rights or fulfill the legal obligations of the Clinic.

Finally, in the context of provision of its medical services to you, the Clinic may transmit your data, personal data and special categories data, to its third-party partners, and Outpatient Diagnostic Centers, to carry out personalized medical tests that cannot be carried out in the Clinic, such as the Hellenic Pasteur Institute, MEDISYN, Euroclinic, Bioiatriki, Agios Savvas, Sotiria, Tzartos, Paterakis, Laiko Blood Donation, Microanalysis, Locus Medicus, ISTOMEDICA, GK Pathology – Grigoriadis, Istodomi – Papamichail, Kapralou Amalia, Agapitos Emmanouil, the Hellenic National School of Public Health, the National Public Health Organization (EODY), the Health Directorate of the Region of Attica, partnering physicians who provide independent services to the Clinic, partnering Suppliers for the maintenance of medical equipment, software and application providers, and print material storage and filing companies.

Regarding the surveys that our Clinic may conduct to investigate the level of satisfaction of its customers/patients, the questionnaires may be sent to your email, through third-party companies that collaborate with our Clinic from time to time (such as Private Review). In this case, you should be aware that completing the questionnaires is optional and that we will only transmit to the third-party company the minimum necessary data (email, date of visit). In this case, the entity and/its personnel who will process them, will act as processors, exclusively for the purpose of providing services to us, with all contractual commitments provided by law for the protection of personal data.

5. How long will you keep my Data in record for?

  • We will keep your data for as long as it is provided for in national legislation, both in paper and electronic form, and more specifically, under Law 3,418/2005, (GGI Α 287/28.11.2005) , we are obliged to keep your data for at least 20 years from each admission or visit.
  • Moreover, we will keep your data for any additional time that may be required, until the time comes to write off any relevant legal claims of the Clinic.
  • We will keep your data that we collect from application forms for recruitment/cooperation with our Clinic, for a period of three (3) years.
  • Data from closed circuit television (CCTV) cameras will be kept for 15 days. In case of an incident affecting our Clinic, its staff, or third-party visitors, the images, in which, the specific incident has been captured, may be kept in a separate record for a longer period, under applicable legislation.

6. What are my rights regarding the processing of my Data?

Your rights are set out in the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), Law 4,624/2019, and more specifically, you may exercise the following rights, as appropriate:
(1) right to access, in order for you to know what data of yours we process, for what purpose, and their recipients, and also get copies of the data that are kept in our Clinic.
(2) right to rectification, in order to request that any incomplete or inaccurate data of yours are rectified.
(3) right to erasure, in order to request the erasure of personal data that refer to you, if you no longer wish these data to be subjected to processing, and if there are no legal grounds for our Clinic to keep and process them as a Data Controller. When can we refuse requests for erasure? You should become aware that the right to erasure is not an absolute right, and cannot be honored, when your information is subjected to processing on specific legal grounds, as those described above, including the exercise or defense of legal claims by the Clinic. Do we have to notify other recipients of your personal data, of your request for erasure? If your right to erasure is honored, after we have provided the personal data that you wish to be erased to third parties, we will take action to notify them of your request for erasure, in order for them, in turn, to erase the personal data in question, although this may not be always possible, or may involve a disproportionate effort from our Clinic.
(4) right to restrict processing, in order to restrict the processing of your Personal Data, if you dispute the accuracy of information, and until the accuracy of information is confirmed, or if the processing is no longer required by the Clinic, but you need them, in order to raise, exercise, or defend a legal claim. When can we refuse requests for restriction of processing? You should become aware that this right of yours, as well, is not an absolute right, and cannot be honored, when your information is subjected to processing on specific legal grounds, as those described above, including the exercise or defense of legal claims by the Clinic. Do we have to notify other recipients of your personal data, of the restriction? In case we have shared your Personal Data with third parties, we will take action, if this is possible, to notify them of the restriction of processing of your information, in order for them to stop processing it.
(5) right to portability, in order to get your data in a structured and commonly used format.
  • If you have any question about the processing of your Personal Data, or you wish to exercise any right of yours from those provided for in the General Regulation (EU) 679/2016, or file a complaint regarding your Personal Data, you may contact the Data Protection Officer of the Clinic, by completing the corresponding “Exercise of Rights Form E.DD.02” of the Clinic which is available on the site and at the Clinic reception entrance or by sending a letter to the following address: 124-126 Andrea Syngrou Avenue, Athens, or through an e-mail message to the following e-mail address dpo@interamerican.gr.
  • Please clearly state in your request, the right that you exercise regarding the personal data that you request. If your request is not clear, we may request from you further personal data, for purposes of clarification. In order for us to be able to answer each request of yours, we may request ID data of yours, such as proof of ID, passport, and enough additional personal data of yours, in order for us to be able to safely find the personal data that you request. After you exercise any of these rights of yours, we will take every possible action to answer your request within thirty (30) days from its receipt, and we will notify you of either honoring it or the objective grounds that prevent us from honoring it or the justified time extension of its answer.
  • If you are not satisfied with the response to your request regarding your personal data, you always have the right to contact the Hellenic Data Protection Authority, which accepts the submission of complaints either by calling the Call Center at +30-210 6475600, by submitting your request in writing to its registry (1-3 Kifisias Avenue, GR-115 23, Athens), or by sending it electronically through the Authority’s website at www.dpa.gr.

7. How can you ensure the security of my Data?

The security of your data is our highest priority and an absolute commitment. To achieve this, we implement a comprehensive set of strict physical and electronic security measures. Regarding physical security, we ensure the presence of trained security personnel on our premises to prevent unauthorized access. In addition, a closed-circuit television (CCTV) system has been installed to monitor all critical areas, such as data server rooms, file storage areas, and restricted-access zones. At the electronic security level, we enforce a Resource Usage Policy, a Security Policy, and supporting procedures that clearly define the rules for the use of information systems and data management. We utilize advanced technological measures including firewall systems that filter and control incoming and outgoing network traffic to block malicious attacks; antivirus and antimalware software that detects, prevents, and neutralizes viruses, ransomware, and other digital threats; Data Loss Prevention (DLP) systems that monitor and control the movement of data, ensuring that sensitive information is not transferred or disclosed without authorization; two-factor authentication (2FA) that strengthens access to systems by requiring additional proof of identity beyond a password; and data encryption, applied as appropriate, both for data in transit and data at rest, ensuring that information remains unreadable to unauthorized parties. Access control mechanisms are also in place based on role-based access control (RBAC), ensuring that staff have access only to the information necessary to perform their duties. In addition to these safeguards, we regularly perform security checks and tests, including vulnerability assessments, penetration testing, and compliance audits against international security standards. We also provide continuous training and awareness programs to our employees on cybersecurity matters, strengthening the human layer of defense against threats. At the electronic security level, we enforce a Resource Usage Policy, a Security Policy, and supporting procedures that clearly define the rules for the use of information systems and data management. We utilize advanced technological measures including firewall systems that filter and control incoming and outgoing network traffic to block malicious attacks; antivirus and antimalware software that detects, prevents, and neutralizes viruses, ransomware, and other digital threats; Data Loss Prevention (DLP) systems that monitor and control the movement of data, ensuring that sensitive information is not transferred or disclosed without authorization; two-factor authentication (2FA) that strengthens access to systems by requiring additional proof of identity beyond a password; and data encryption, applied as appropriate, both for data in transit and data at rest, ensuring that information remains unreadable to unauthorized parties. Access control mechanisms are also in place based on role-based access control (RBAC), ensuring that staff have access only to the information necessary to perform their duties. In addition to these safeguards, we regularly perform security checks and tests, including vulnerability assessments, penetration testing, and compliance audits against international security standards. We also provide continuous training and awareness programs to our employees on cybersecurity matters, strengthening the human layer of defense against threats.
*This Data Processing Information Sheet was updated in July 2025. We reserve the right to amend or update this Information Sheet at any time. We will notify you of any changes, by publishing a new Information Sheet and posting it on the website of our Clinic, and notifying you in any appropriate way, as soon as possible, including through email messages. We encourage you to consult regularly this Information Sheet for any changes.
Personal Data – Video Filming

You can click here to learn about the processing of personal data from video surveillance systems.

Introduction
A key priority for the ALIMOS MODERN PRIVATE CLINIC (MEDICAL SINGLE-MEMBER) SA, trading as MEDIFIRST ALIMOS, MEDIFIRST MAROUSI and MEDIFIRST PERISTERI and their employees, is respect for privacy and protection of the confidentiality and security of the personal data of visitors, patients, patient companions, our external associates and all natural persons who interact in any way with the clinic. We would like to assure you that the clinic collects, processes and stores your personal data in accordance with the General Data Protection Regulation (EU) 679/2016 and Law 4624/2019, as well as any other applicable legislation pertaining to personal data protection, the provision of primary health care services, the Code of Medical Ethics and Deontology, and the decisions of the Hellenic Data Protection Authority. The clinic takes every necessary measure to prevent theft, loss or leaks of personal data. This notice is available at our visitor reception points as well as on the online website of the clinic.

ALIMOS MODERN PRIVATE CLINIC (MEDICAL SINGLE-MEMBER) SA trading as MEDIFIRST ALIMOS, MEDIFIRST MAROUSI and MEDIFIRST PERISTERI has its registered offices in Argyroupoli Attica, at 1 Geroulano Street and Polemiston Street, holder of Tax ID No 999862640 registered with the Piraeus Tax Office for Commercial Companies, and holder of General Commercial Register (G.E.MI.) No 51046/01N/B/B/02/33 (hereinafter referred to as ‘the Clinic’). Within the framework of the provision of primary health care services to you, the Clinic will process
your personal data in printed and electronic form and will act in the capacity of data controller in accordance with the legislation, having (as indicated above) its registered offices in Argyroupoli Attica, at 1 Geroulano Street and Polemiston Street, holder of Tax ID No 999862640 registered with the Piraeus Tax Office for Commercial Companies,
and holder of General Commercial Register (G.E.MI.) No 51046/01N/B/B/02/33.

1. Which categories of personal data do we collect and process?

When you arrive at the respective reception point, within the framework of proper provision of our services, we will create a personal file that will
include all necessary medical and other information required to provide you with high-level personalised
healthcare services. In order to do this, it is necessary for you to disclose certain information about yourself to us. This information will indicatively include the following:

  • Identity data, e.g. first name, last name, date of birth, police ID/passport number, social security number (AMKA), Tax ID number;
  • Contact information, which we collect at the reception stage, including e-mail address/
    postal address, telephone numbers (mobile/landline/fax);
  • Payment information such as bank account details, debit/credit cards or other bank cards;
  • Insurance information, details of your public insurance institution and/or private insurance company and your social security registration number (AMKA),
    so that the Accounts Office knows how to bill our services and can provide you with the necessary information regarding the cost of services;
  • Special categories of personal data /prior sensitive information, such as your social security number (AMKA), physical condition, pathological/clinical symptoms, medical examinations, personal and/or family medical history, medication, past hospitalisation, details of nationality and as appropriate, if strictly necessary for diagnosis or treatment purposes, information relating to your sexual life or your religious beliefs;
  • Bill settlement information, such as data necessary to manage the financial requirements of the Clinic and related or supporting documents;
  • Data we collect when you use and submit a complaint form, such as full name and telephone number; the
    complaint form is in principle submitted anonymously, and personal details only need to be given if the complainant themselves wishes to do so in order to receive specific information from the Clinic;
  • Information we collect when you contact our call centre, including your full name and telephone number;
  • Information we collect from contact forms submitted online (full name and telephone number);
  • Data we collect via completion of a customer satisfaction questionnaire (full name);
  • Lastly, image data is collected when you enter the building and on our premises by the CCTV system that we have in operation, which in compliance with applicable legislative provisions, you are promptly informed about when you enter our premises.
We treat all information in confidence as classified and make every effort to collect only absolutely necessary information in accordance with medical standards, and it is not processed for purposes other than those described herein.
From you: when you enter the reception points of the Clinic to make use of our medical services, the staff of the Clinic will ensure that the necessary details are collected from patients, who will fill in the special patient information form. If the patient is unable to do so, the information will be obtained from the patient’s companion or relative.
From you: through disclosure and completion of questionnaires that will be included in your medical record, from medical examinations you provide us, medical procedures, information arising from any codes assigned for the purpose of providing healthcare services, medical opinions from doctors, hospitalisation history, X-rays and medical imaging and generally any kind of medical information concerning your past or current physical health.
Special categories of personal data, primarily health data, may specifically be collected by the Clinic through contracted health service providers (such as hospitals, private clinics, diagnostic centres, doctors, etc.).
From visitors/users of our website, exclusively and only when they themselves voluntarily supply information so that we can process electronic requests.

3. Why do we process your personal data?

The Clinic provides primary health care services, which do not require admission to a hospital care facility and which include diagnosis, monitoring, treatment and medical visits. In this context, your data is subjected to automated and manual processing for the following purposes:
  • Both basic and special categories of data are collected and processed/submitted to processing by our staff for the purpose of providing you with primary healthcare services. In consequence, the legal basis for processing is deemed to be the provision of health services in accordance with the General Data Protection Regulation (GDPR) 679/2016 and Law 4624/2019. 4624/2019
  • Both basic data and special categories of data are collected and processed and/or submitted for processing by the Clinic’s duly authorised staff and are used to ensure coverage of the costs of your primary healthcare treatment by your private insurance company in accordance with the respective contractual terms of your insurance policy, after you have given your express prior consent to the transfer of your data. In this case, the legal basis for the processing of your data is your express consent. More specifically, by giving your consent, you authorise the Clinic to transfer your information on your behalf so that payment of the contractual contribution to your medical expenses can be claimed from the private insurance company with which you are insured. This consent is obtained for your own convenience, to ensure that you are not burdened with the full cost of your medical expenses. Consent is granted freely. If you do not wish your medical file information to be forwarded by the Clinic for this purpose, we wish to inform you that you will be liable for payment of the full cost of your medical expenses to the Clinic, and that you may accordingly then claim compensation from your private insurance company, in accordance with the terms of your insurance contract, by submitting the necessary information from the respective entity.
  • Both basic data and special categories of data collected and processed by the Clinic’s personnel for the purpose of providing primary healthcare services are also processed for the purposes of defending the Clinic’s legitimate interests, including the establishment, exercise, defense and support of any form of lawful claim. Consequently, the legal basis for processing in this case is the legitimate interest of the Clinic.
  • We process your basic data, collected during optional completion of the Patient/Guest Satisfaction Questionnaire, to determine the quality of our services and to investigate the level of satisfaction of our clients.

4. Where do we send your personal data?

  • Your data will be forwarded to nursing, medical and administrative staff in our departments, who are responsible for provision of our personalised services to you. Indicatively, these departments include Medical & Nursing Services, the Admissions Office, the Patient Accounts Office, Legal Services etc.
  • Your personal data, both basic and special category, will be transmitted to and made accessible to legal entities with which we have entered into contracts from time to time with regard to your insurance coverage (i.e. insurance companies etc.). In this case, these legal entities will process your data (basic and/or special categories of personal data), which we will send them in order to make their contribution to the cost of the healthcare services we are providing to you, within the framework of the insurance contract that you have entered into with them.
  • Your basic data may be transmitted and processed by our parent company, Achmea BV, which has its registered offices established in the Netherlands, in the Netherlands, as well as other affiliated companies of the Achmea Group within the European Union for purposes of transparency and control of compliance with the group’s corporate policies. In this case, data of special categories will not be transmitted unless there is a legal obligation to do so.
  • In every transfer, we always take every measure to ensure that the data transferred are the minimum necessary and that the conditions for lawful and fair processing are always met.
  • As provided for by law, the Clinic may disclose your data to public services, insurance
    funds, judicial, public and independent authorities, to lawyers, supervisory authorities, for example, police departments, traffic police, prosecutorial authorities, independent audit firms subject to a legitimate request on their part, to departments of the Ministry of Health, if this is strictly necessary for the fulfillment of a legitimate interest and, in particular, in the defence of legal rights or if required by law or court decision.
Lastly, the Clinic, in the context of providing its medical services to you, may transfer your personal data (basic and special categories thereof) to its third-party associates (external diagnostic centres) for the purpose of conducting specialised medical examinations not carried out within the Clinic, including the Pasteur Institute, MEDISYN, EUROCLINIC, BIOIATRIKI, AGIOS SAVVAS, SOTIRIAS, TZARTOS, PATERAKIS, AIMODOSIA LAIKO, MIKROANALYSIS, LOCUS MEDICUS to the pathology and anatomy laboratories, ISTOMEDICA, GK PATHOLOGY – GRIGORIADIS, ISTODOMI – PAPAMICHAIL, AMALIA KAPRALOU, EMMANOUIL AGAPITOS at the School of Public Health, the National Public Health Organisation (EODY), Attica Region’s Department of Health, as well as to suppliers of special medical materials, to collaborating doctors who provide independent services to the Clinic, to contracted medical equipment maintenance service providers, to companies providing software and applications, to printed materials storage and archiving companies. The necessary contractual commitments are required from our associates to ensure compliance with legal requirements regarding the protection of your personal data.

5. For how long do you keep my data on file?

  • We will retain your data for as long as provided by national legislation in both paper and electronic
    format and specifically in accordance with Law 3418/2005, (Government Gazette, Series I, No 287/28.11.2005) we are obliged to keep your data for a period of 20
    years from each admission or visit
  • We will also retain your data for as long as necessary until the expiry of the period of limitations
    pertaining to any relevant legal claims of the Clinic.
  • Your data collected by us from job applications/collaborations with our Clinic will be kept for a period of three (3) years.
  • Closed circuit television (CCTV) security recording data will be retained for 15 days. In the case of incidents causing harm to the Clinic, its staff, or third-party visitors, the images recorded from the specific event may be retained in a separate file for a longer period of time, in accordance with applicable legislation.
Lastly, the Clinic, in the context of providing its medical services to you, may transfer your personal data (basic and special categories thereof) to its third-party associates (external diagnostic centres) for the purpose of conducting specialised medical examinations not carried out within the Clinic, including the Pasteur Institute, MEDISYN, EUROCLINIC, BIOIATRIKI, AGIOS SAVVAS, SOTIRIAS, TZARTOS, PATERAKIS, AIMODOSIA LAIKO, MIKROANALYSIS, LOCUS MEDICUS to the pathology and anatomy laboratories, ISTOMEDICA, GK PATHOLOGY – GRIGORIADIS, ISTODOMI – PAPAMICHAIL, AMALIA KAPRALOU, EMMANOUIL AGAPITOS at the School of Public Health, the National Public Health Organisation (EODY), Attica Region’s Department of Health, as well as to suppliers of special medical materials, to collaborating doctors who provide independent services to the Clinic, to contracted medical equipment maintenance service providers, to companies providing software and applications, to printed materials storage and archiving companies. The necessary contractual commitments are required from our associates to ensure compliance with legal requirements regarding the protection of your personal data.

6. What rights do I have in relation to the processing of my data?

You have the rights set out in the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and Law 4624/2019, and you may specifically exercise, as appropriate, the following rights:
(1) the right of access: to find out what data we process about you, for what reason, and who the recipients of this data are, as well as to receive copies of the data that is held at our clinic;
(2) the right to rectification: to request correction of any omissions or inaccuracies in your data.
(3) the right to erasure: to request the deletion of personal data concerning you, if you no longer wish for these data to be processed and if there is no legitimate reason for our clinic as data controller to retain and process them. When can we refuse requests for erasure? You should be aware that the right to erasure is not an absolute right, it cannot be satisfied if your information is being processed for certain legitimate reasons such as those described above, including the exercise or defense of the Clinic’s legal claims. Are we obliged to inform other recipients of your personal data about your request for erasure? In the event that your right to erasure has been satisfied, and we have provided your personal data to third parties, we will take measures to inform them of your request for erasure so that they, in turn, can delete the personal data in question. However, this may not always be feasible, or it may involve disproportionate effort on the part of our clinic.
(4) the right to restrict processing: you may ask to have the processing of your personal data restricted if you wish to contest the accuracy of the data and until its accuracy is verified, or if processing of the data by the Clinic is no longer necessary, but you require it to raise, exercise or defend legal claims. When can we refuse requests for restriction of processing? You should be aware that this right too is not an absolute right, it cannot be satisfied if your information is being processed for certain legal reasons such as those described above, including the exercise or defense of the Clinic’s legal claims. Are we required to inform other data recipients regarding the restrictions? If we have shared your personal data with third parties, we will take steps wherever feasible to inform the recipients regarding the restriction of processing of your personal information so that they do not continue to process it.
(5) the right to portability: this right enables you to receive and transfer your data in a structured and commonly used format.
  • If you have questions regarding the processing of your personal data, if you wish to exercise any of your rights under the General Regulation (EU) 679/2016, or you wish to submit a complaint regarding your personal data, you may contact the Clinic’s data protection officer, by filling in the Clinic’s ‘Exercise of Rights Form’, or by sending a letter by post to the address: 124-126 Syggrou Avenue, Athens, or by sending an email to
    dpo@interamerican.gr.
  • When making your request, please be clear about which right you wish to exercise in relation to your personal data. If your request is not specific, we may have to ask you for further personal information for the purposes of clarification. In order to be able to resolve any request you may make, we may ask you for further proof of identity, such as identity card or passport details and other additional personal data so that we can securely identify the personal data in question. If you exercise any of these rights, we will take all reasonable measures to respond to your application within thirty (30) days of receipt, and we will duly inform you either of the satisfactory resolution of your issue, or of the objective reasons preventing its satisfaction, or of the reasons requiring an extension of the response time.
  • If you are not satisfied with the response to your application regarding your personal data, you nevertheless in any case retain the right to contact the Personal Data Protection Authority, which also accepts the submission of relevant complaints, either by contacting the call centre on +30 210 6475600, or by submitting your request in writing to its offices (1-3 Kifisias Avenue, Postcode 115 23, Athens) or lastly, by sending an email to: contact@dpa.gr

7. How do you ensure the security of my data?

The security of your data is an absolute commitment for us. To accomplish this, we apply all of the latest appropriate technical and organisational measures for processing purposes. We confirm compliance with these measures via regular periodic checks, in order to:
Protect your personal data from unauthorised access and improper use;
Secure our IT systems and safeguard information;
Ensure that we can restore your data in cases where your data is otherwise damaged or lost.
Indicative measures to support both physical and electronic security of the data processed in our clinic include the security physical presence in our building, the installation of a closed circuit monitoring system for critical areas, the implementation of resource fair use and security policies as well as support procedures, the installation of firewalls, antivirus and antimalware software, the implementation of data loss prevention (DLP) systems, the use of two-factor authentication (2FA), encryption as necessary, and others.
*This personal data processing notice was updated in July 2022. We reserve the right to modify or update this notice at any time. We will notify you of any changes by publishing the updated notice and posting it on the Clinic’s website and informing you of this by any appropriate means, at the earliest opportunity, including by email. We also encourage you to consult this notice regularly to review any changes that may have been made.
Personal Data – Video Filming

You can click here to learn about the processing of personal data from video surveillance systems.

What are cookies?
They are small text files sent to the browser you use and stored on your computer, mobile phone or other electronic device, while you are using our website. Cookies help us track performance and traffic to our website, helping us to improve its presentation and content according to the preferences of our visitors.