
MICRODIAGNOSTICS
Privacy Policy

Medical confidentiality
Microdiagnostics fully respects what is most valuable to its clients, placing particular emphasis on their personal data, the protection of which it considers a fundamental right. Over 250 million people share their personal data daily with businesses, organizations, institutions, and individuals across a wide range of activities. The protection of personal data is a recognized fundamental right for all EU citizens.
We have always aimed to provide you with clear and simple information in our Privacy Policy about the personal data we collect and use, as well as how we protect it. Our goal is to be as honest and transparent as possible with users of our diagnostic services regarding the data we collect to provide these services, how we use it, and where we share it.
For this reason, Microdiagnostics strongly supports the new legal framework of rules that now applies in our country under the title “General Data Protection Regulation (GDPR)”, which replaces the outdated 1995 EU directive on data protection and harmonizes privacy legislation across the EU. The purpose of the GDPR is to ensure that the personal data of European citizens is protected and kept secure in the same way across all Member States.
In summary, the new Regulation introduces new terms and conditions in cases where the collection and processing of personal data is based solely on the data subject’s consent. Specifically, consent must be given through a “clear affirmative act” and must be “freely given, specific, informed and unambiguous.” This means that consent cannot be implied or embedded within other terms or information. Parental consent is required when obtaining consent from minors under the age of fifteen. Consent must also be “demonstrable” at any time and must include clear procedures for withdrawal.
Under this framework, Microdiagnostics:
- Defines Personal Data of its clients as any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, especially by reference to an identifier such as a name, ID number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. Examples include name, profession, family status, age, residence, email address, bank account details, as well as data regarding racial or ethnic origin and medical history.
- Defines Processing as any operation or set of operations performed on personal data, with or without automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Has appointed a Data Controller, a qualified individual responsible for determining the purposes and methods of processing personal data and ensuring that such processing complies with the GDPR and applicable Greek and international law.
We declare responsibly that:
- Personal data is processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes, especially concerning health data processing.
- We maintain medical records, electronic or otherwise, containing all data linked to the patient’s illness or health. These personal data were provided by you to ensure high-quality diagnostic services and outstanding service before and after diagnosis (sample reception, patient admission, result approval, post-diagnosis communication, etc.). We do not intend to use this data for any other purpose or share it with any third party.
- The data is stored in a secure server database with all necessary encryption and digital security measures, overseen by our IT department. Only authorized personnel with encrypted usernames and passwords can access this data, and solely for administrative purposes, maintaining full confidentiality in accordance with the GDPR, Medical Privacy, and the Medical Ethics Code.
- Further processing of data for archiving in the public interest, scientific or historical research, or statistical purposes is not considered incompatible with the original purpose per Article 89(1).
- Personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Personal data is accurate and, where necessary, kept up to date, with all reasonable measures taken to promptly delete or rectify inaccurate data.
- Personal data is kept in a form that allows the identification of data subjects only for as long as necessary for the purposes of processing. Longer retention is allowed for public interest archiving, scientific/historical research, or statistical purposes if appropriate safeguards are applied per Article 89(1).
- Personal data is processed in a way that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
- Personal data is shared with public insurance funds and private insurance companies contracted by the patient, as required by Greek law.
- In case of promotional or advertising materials, whether digital or printed, Microdiagnostics only sends such materials to users who have explicitly consented and allows them to withdraw consent at any time.
We further declare that the Data Controller is responsible for, and able to demonstrate, compliance with paragraph 1, and recognizes that processing (Article 6) is lawful only if at least one of the following applies:
- The data subject has given consent for one or more specific purposes.
- Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the data subject’s request prior to entering a contract.
- Processing is necessary for compliance with a legal obligation.
- Processing is necessary to protect the vital interests of the data subject or another individual.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Processing is necessary for legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, especially if the subject is a child (under 16 years, as per applicable law).
Cookie Policy
Cookies never contain personal information or allow anyone to contact the website visitor via phone, email, etc. Cookies also do not access documents or files on the user’s computer. Their use allows the website to remember user preferences, collecting useful browsing behavior information.
Technically necessary cookies are essential for the proper functioning of the website, enabling navigation and use of its features. These cookies do not identify the user individually. Without them, Microdiagnostics cannot effectively operate its website. The user may enable, disable, or delete cookies entirely through their browser settings.
Users of our services have the right to:
- Request correction of inaccurate personal data or completion of incomplete personal data.
- Withdraw their consent and request the cessation of processing or deletion of their data, unless a legal reason requires retention.
- Be informed within 72 hours in the event of a data breach that puts their personal data at risk.
You may view the patient forms below:
GDPR Patient Consent Form
Request for Result Delivery via Email
If you have questions, contact us using the contact form or email: dpo@microdiagnostics.gr
Your data protection is of utmost importance to us!
